PatchSiren cyber security CVE debrief
CVE-2026-9640 Canonical CVE debrief
CVE-2026-9640 is a high-severity privilege escalation vulnerability in LXD, Canonical's system container and virtual machine manager. It affects LXD versions from 6.0 before 6.9, from 5.21.0 before 5.21.5, and from 5.0.0 before 5.0.7. An authenticated project operator in a restricted multi-tenant environment can exploit it by importing a crafted instance backup whose snapshot carries configuration keys that the project's restriction policy should refuse. When that snapshot is restored, the keys are applied to the live instance without policy validation, and the operator can use the resulting configuration to obtain root on the host.
- Vendor: Canonical
- Product: LXD
- CVSS: HIGH 7.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-26
- Original CVE updated: 2026-07-02
- Advisory published: 2026-06-26
- Advisory updated: 2026-07-02
Who should care
Anyone running LXD as a multi-tenant platform where tenants are confined by project restrictions (restricted=true) should treat this as a tenant-to-host escape, because the only prerequisite is an authenticated operator inside such a project. Single-tenant deployments whose operators are already trusted with host root gain nothing from the escalation but should still update. Check the server version with lxc version and compare it against the fixed releases 6.9, 5.21.5 and 5.0.7.
Technical summary
LXD projects can carry restriction policies (restricted=true together with the restricted.* keys) that stop tenants from setting configuration that reaches the host, for example security.privileged=true or raw.* keys. Those policies are enforced when an instance is created or its configuration is changed. The flaw is that an instance backup can be imported with snapshots whose stored configuration already contains such keys, and restoring one of those snapshots copies its configuration onto the live instance without re-running the restriction checks. The operator therefore ends up with an instance configured in a way the project forbids, which is enough to reach root on the host. The vulnerability has a CVSS score of 7.2 and is rated HIGH.
Defensive priority
Remediation should be prioritized: the issue is rated HIGH, the attacker needs only operator rights inside a restricted project, and the outcome is host root. The stored evidence does not list the CVE in CISA KEV, but the NVD record carries a reference tagged Exploit, so treat exploit details as available. Patch LXD hosts that serve untrusted tenants first.
Recommended defensive actions
- Inventory LXD servers with lxc version (the Server version line) and identify those on 6.x earlier than 6.9, 5.21.x earlier than 5.21.5, or 5.0.x earlier than 5.0.7.
- Upgrade affected servers to 6.9, 5.21.5 or 5.0.7, or later, on the track they follow; every earlier release in the 6.0, 5.21 and 5.0 series is affected.
- Log and review instance backup imports and snapshot restores in restricted projects (LXD lifecycle events can be watched with lxc monitor --type=lifecycle), and alert when an instance in a restricted project carries configuration keys the project should refuse.
- Review each project's restricted and restricted.* settings, and audit existing instances and their snapshots for keys such as security.privileged or raw.* that may already have been restored before the patch was applied.
- Until patched, do not let untrusted tenants import backups into restricted projects, and treat tenant-supplied backup archives as untrusted input.
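The two checks above (which server versions are affected, and whether an instance or one of its snapshots already carries keys a restricted project should refuse), as an added example in Python. This is not PatchSiren's or Canonical's code and is not part of LXD. It assumes the fixed releases named in the advisory, reads instance and snapshot records in the JSON shape returned by lxc query /1.0/instances/<name> and lxc query /1.0/instances/<name>/snapshots/<snap> (constructed samples are embedded so it runs offline), and uses an illustrative subset of the keys a project with restricted=true refuses; the authoritative key list is LXD's project-restriction documentation.

```python
"""Triage helpers for CVE-2026-9640.

Added example, not LXD project code. Assumptions (also stated in the lead-in):
  * fixed releases are 6.9, 5.21.5 and 5.0.7, as the advisory states;
  * instance and snapshot records are constructed samples in the JSON shape
    returned by `lxc query /1.0/instances/<name>` and
    `lxc query /1.0/instances/<name>/snapshots/<snap>`; only `name` and
    `config` are read, so a dict loaded from a backup.yaml works as well;
  * RESTRICTED_KEYS / RESTRICTED_PREFIXES are an illustrative subset of what a
    project with restricted=true refuses, not the authoritative list.
"""
import re

# (track prefix, first fixed release) per the advisory's three affected ranges.
FIXED = (((6,), (6, 9)), ((5, 21), (5, 21, 5)), ((5, 0), (5, 0, 7)))


def parse_version(text):
    """Extract '5.21.3' from '5.21.3' or 'Server version: 5.21.3' as an int tuple."""
    m = re.search(r"(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected(text):
    """True if the server version is inside an affected range, False if it is
    at or past the fix for its track, None if the advisory does not cover it."""
    v = parse_version(text)
    for track, fixed in FIXED:
        if v[: len(track)] == track:
            return v < fixed
    return None


# Illustrative subset (assumption): keys a restricted project normally refuses.
RESTRICTED_KEYS = {"security.privileged", "security.nesting"}
RESTRICTED_PREFIXES = ("raw.", "security.syscalls.intercept.")


def restricted_keys(config):
    """Keys in a config dict that a restricted project would normally refuse."""
    return sorted(k for k in config
                  if k in RESTRICTED_KEYS or k.startswith(RESTRICTED_PREFIXES))


def audit_instance(instance, snapshots):
    """Return (location, key, value) findings for the live config and for every
    snapshot config. A hit that appears only inside a snapshot is the pattern
    this CVE describes: the live instance looks clean until it is restored."""
    findings = []
    cfg = instance.get("config", {})
    for k in restricted_keys(cfg):
        findings.append((instance["name"], k, cfg[k]))
    for snap in snapshots:
        scfg = snap.get("config", {})
        for k in restricted_keys(scfg):
            findings.append((f"{instance['name']}/{snap['name']}", k, scfg[k]))
    return findings


# Constructed sample data: a tenant instance whose live config is clean but
# whose second snapshot carries keys the restricted project should refuse.
SAMPLE_INSTANCE = {
    "name": "web1",
    "project": "tenant-a",
    "config": {"image.os": "Ubuntu", "limits.cpu": "2"},
}
SAMPLE_SNAPSHOTS = [
    {"name": "snap0", "config": {"limits.cpu": "2"}},
    {"name": "snap1", "config": {"limits.cpu": "2",
                                 "security.privileged": "true",
                                 "raw.idmap": "both 1000 1000"}},
]

if __name__ == "__main__":
    for line in ("Server version: 5.21.3", "Server version: 6.9", "4.0.9"):
        print(f"{line!r:28} affected={is_affected(line)}")
    for where, key, value in audit_instance(SAMPLE_INSTANCE, SAMPLE_SNAPSHOTS):
        print(f"REVIEW {where}: {key}={value}")
```

Run it as-is to see the constructed sample flagged; in practice feed it lxc query output for every instance in each project that has restricted=true. A finding that appears only under a snapshot is the shape of this issue: the live configuration looks clean until that snapshot is restored, so the snapshot list is the place to look, not just the instance.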
Evidence notes
CVE-2026-9640 is documented in the official CVE record and the NVD detail page. Additional information is available from the vendor references and issue-tracking links listed under Official resources below; one NVD reference is tagged Exploit.
Official resources
- CVE-2026-9640 CVE record (CVE.org)
- CVE-2026-9640 NVD detail (NVD)
- Source item: nvd_modified
- Mitigation or vendor references (three entries): [email protected] - Issue Tracking, Patch
- Source reference: [email protected] - Exploit
This article is AI-assisted and based on the supplied source corpus.