Overview
A critical vulnerability tracked as CVE-2026-34178 affects Canonical LXD before version 6.8. During backup import operations, LXD validates project restrictions against backup/index.yaml inside the supplied tar archive, but then creates the instance using backup/container/backup.yaml — a separate file within the same archive that is never checked against project restrictions. An authenticated attacker can exploit this discrepancy to create instances that violate project restriction policies. The vulnerability carries a CVSS score of 9.1 (Critical).
Vulnerability Details
| Field | Details |
|---|---|
| CVE ID | CVE-2026-34178 |
| CVSS Score | 9.1 (Critical) |
| Affected Versions | Canonical LXD before 6.8 |
| Fixed Version | Canonical LXD 6.8 |
| Attack Vector | Network (Authenticated) |
| Attack Complexity | Low |
| Privileges Required | Low (authenticated user) |
Technical Analysis
LXD supports importing instance backups from tar archives. This import process is designed to enforce project-level restrictions — ensuring that an imported instance adheres to the same resource and configuration limits as any other instance in the project.
The vulnerability is a path confusion / split-brain validation flaw:
- Validation step: LXD reads and validates project restrictions against backup/index.yaml inside the uploaded tar archive
- Creation step: LXD creates the actual instance using backup/container/backup.yaml — a different file in the same archive
Since these are two separate files, an attacker can craft a malicious tar archive where:
- backup/index.yaml contains a benign, restriction-compliant configuration (passes validation)
- backup/container/backup.yaml contains a malicious configuration that violates project restrictions (never checked)
Exploit scenario:
```
malicious_backup.tar
└── backup/
    ├── index.yaml        ← Checked against project restrictions (passes)
    └── container/
        └── backup.yaml   ← Used to CREATE instance (NEVER checked)
```
An authenticated attacker with backup import privileges can construct such an archive and import it, causing LXD to create an instance with configuration that the project restrictions would normally forbid — such as excessive CPU/memory limits, privileged containers, host device mappings, or restricted network configurations.
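The following audit check is an added example, not LXD code or part of the original advisory: it opens a backup tarball you hold or receive before import and reports every instance setting on which backup/index.yaml and backup/container/backup.yaml disagree. The function names, the key layout inside the two files (`config.container` in index.yaml, `container` in backup.yaml) and the JSON-syntax sample archive are assumptions made for the demo; PyYAML is used when installed so real YAML files can be read.

```python
import io, json, tarfile

try:                      # real LXD backups are YAML; use PyYAML when installed
    import yaml
    parse = yaml.safe_load
except ImportError:       # the constructed sample below is JSON, a YAML subset
    parse = json.loads

INDEX = "backup/index.yaml"               # file the restrictions were checked against
CREATE = "backup/container/backup.yaml"   # file the instance is actually created from

def instance_settings(doc):
    """Flatten the instance's config and devices into {dotted.key: value}."""
    # Assumed layout: index.yaml nests the record under config.container,
    # backup.yaml has it under container. Adjust for your LXD version.
    inst = doc.get("config", doc).get("container", {})
    flat = {f"config.{k}": v for k, v in (inst.get("config") or {}).items()}
    for dev, props in (inst.get("devices") or {}).items():
        flat.update({f"devices.{dev}.{k}": v for k, v in props.items()})
    return flat

def audit_backup(fileobj):
    """Return {setting: (index_value, backup_value)} for every disagreement."""
    with tarfile.open(fileobj=fileobj) as tar:
        docs = {n: parse(tar.extractfile(n).read()) for n in (INDEX, CREATE)}
    a, b = (instance_settings(docs[n]) for n in (INDEX, CREATE))
    return {k: (a.get(k), b.get(k))
            for k in sorted(a.keys() | b.keys()) if a.get(k) != b.get(k)}

def build_sample(index_inst, create_inst):
    """Constructed in-memory archive for the demo; not a real LXD export."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, doc in ((INDEX, {"config": {"container": index_inst}}),
                          (CREATE, {"container": create_inst})):
            data = json.dumps(doc).encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    same = {"config": {"limits.memory": "1GiB"}}
    other = {"config": {"limits.memory": "64GiB"}}
    print(audit_backup(build_sample(same, same)))    # no mismatch
    print(audit_backup(build_sample(same, other)))   # limits.memory differs
```

Any non-empty result means the archive's two descriptions of the instance diverge and the import should be held for review.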
Impact
In multi-tenant or restricted-access LXD environments, project restrictions are the primary mechanism for enforcing resource and security policies between users. Bypassing these restrictions allows:
- Resource limit evasion: Creating instances with more CPU, RAM, or storage than permitted
- Privileged container creation: Creating privileged containers that can access the host filesystem
- Unauthorized device access: Mapping host devices (GPU, disks, USB) not permitted by project policy
- Security policy bypass: Setting configuration options that are explicitly blocked by project administrators
This is especially impactful on cloud platforms, shared LXD clusters, and LXD-based PaaS offerings where project isolation is a core security guarantee.
Relationship to CVE-2026-34177
This vulnerability was disclosed alongside CVE-2026-34177, which describes an incomplete denylist in LXD's isVMLowLevelOptionForbidden function (also CVSS 9.1). Both vulnerabilities affect LXD's project restriction enforcement mechanism and were fixed together in LXD 6.8.
Organizations should treat both CVEs as part of the same remediation effort and upgrade to 6.8 promptly.
Remediation
Upgrade to Canonical LXD 6.8 or later. This version corrects the backup import logic to validate project restrictions against backup/container/backup.yaml (the file actually used for instance creation) rather than solely relying on backup/index.yaml.
Interim mitigations:
- Restrict backup import permissions — remove backup import capabilities from untrusted or low-privilege users via project configuration
- Audit recent backup imports — review any backup imports performed since LXD 4.12 (or earlier) for configuration anomalies
- Monitor project resource usage — watch for instances exceeding their expected resource allocations, which may indicate exploitation
```bash
# Watch operation events for backup imports as they happen
# (lxc monitor streams live events; it does not show past imports)
lxc monitor --type operation | grep -i backup
# Verify project restrictions are correctly applied
lxc project show <project-name> | grep -A 50 config
```
Upgrade Path
```bash
# Upgrade LXD via snap (standard installation)
sudo snap refresh lxd --channel=latest/stable
# Verify version
lxd --version
```