PatchSiren cyber security CVE debrief
CVE-2026-12411 Canonical CVE debrief
CVE-2026-12411 is a HIGH severity vulnerability in Canonical LXD, allowing an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled. The vulnerability has a CVSS score of 8.4 and was published on June 26, 2026. The CVE record and NVD detail provide further information on this vulnerability. A patch is available in the LXD repository. Users should review their LXD configurations and apply the patch to mitigate this vulnerability.
- Vendor
- Canonical
- Product
- LXD
- CVSS
- HIGH 8.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-26
- Original CVE updated
- 2026-07-02
- Advisory published
- 2026-06-26
- Advisory updated
- 2026-07-02
Who should care
Users of Canonical LXD, especially those with untrusted guests, should be aware of this vulnerability and take steps to mitigate it. Reviewing LXD configurations and applying the available patch are crucial to preventing exploitation. Security teams and administrators responsible for LXD deployments should prioritize this vulnerability.
Technical summary
The vulnerability, CVE-2026-12411, is caused by a broken access control in the devLXDInstancePatchHandler component of Canonical LXD. An untrusted guest can exploit this by sending a crafted device PATCH request over /dev/lxd, allowing them to mount, read, and overwrite another guest's custom storage volume if security.devlxd.management.volumes is enabled. The CVSS vector for this vulnerability is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N. This indicates a high severity vulnerability that requires local access but can have significant impacts.
Defensive priority
This vulnerability should be prioritized for remediation due to its high severity and the potential for significant impact. Applying the patch provided in the LXD repository is crucial to mitigating this vulnerability.
Recommended defensive actions
- Review LXD configurations to ensure security.devlxd.management.volumes is not enabled if not required.
- Apply the patch available in the LXD repository to fix the broken access control.
- Monitor LXD deployments for any suspicious activity related to device PATCH requests.
- Consider compensating controls such as restricting access to /dev/lxd.
- Update inventory to track LXD deployments and their configurations.
Evidence notes
The CVE record and NVD detail provide official information on this vulnerability. Additional references include a patch in the LXD repository and a vendor advisory. The vulnerability allows an untrusted guest to access and modify another guest's storage, indicating a need for immediate remediation.
Official resources
-
CVE-2026-12411 CVE record
CVE.org
-
CVE-2026-12411 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Issue Tracking, Patch
-
Mitigation or vendor reference
[email protected] - Exploit, Vendor Advisory
This article is AI-assisted and based on the supplied source corpus.