CVE-2026-9640
Received - Intake
Privilege Escalation in LXD via Malicious Snapshot Restoration

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Canonical Ltd.

Description
A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration. An authenticated project operator in a restricted multi-tenant environment can bypass policy restrictions by importing a maliciously crafted instance backup containing restricted configuration keys within a snapshot. When the snapshot is restored, these restricted keys are applied to the live instance without policy validation. Starting the modified instance grants the operator unauthorized host root access.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| canonical | lxd | 6.9 |
| canonical | lxd | 5.21.5 |
| canonical | lxd | 5.0.7 |
| canonical | lxd | From 4.12 (inc) |
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Executive Summary

CVE-2026-9640 is a critical privilege escalation vulnerability in LXD, a system container and virtual machine manager. It affects versions before 6.9, 5.21.5, and 5.0.7. The issue arises from improper handling of project-restriction policies during snapshot restoration in a restricted multi-tenant environment.

An authenticated project operator can bypass these restrictions by importing a maliciously crafted instance backup containing restricted configuration keys within a snapshot. When the snapshot is restored, these restricted keys are applied to the live instance without proper policy validation.

Starting the modified instance then grants the operator unauthorized root access on the host, effectively allowing them to escalate privileges beyond their intended scope.

Impact Analysis

This vulnerability can have severe impacts including complete host compromise. An attacker with authenticated project operator permissions can gain arbitrary root access on the host system by exploiting this flaw.

  • Bypass of project restrictions in multi-tenant environments.
  • Unauthorized escalation to host root privileges.
  • Potential loss of confidentiality, integrity, and availability of the host system.

The attack requires network access and high privileges within the project but no user interaction, making it a critical risk in environments using LXD with restricted projects.

Detection Guidance

Detecting CVE-2026-9640 means determining whether an authenticated project operator has imported or restored snapshots containing maliciously crafted configuration keys that bypass project restrictions.

Specifically, you should check for snapshots or instance backups that include restricted configuration keys such as `raw.lxc`, `raw.qemu`, `raw.idmap`, `raw.apparmor`, `security.privileged=true`, `security.syscalls.*`, or arbitrary host-path disk devices.

To find suspicious snapshots or backups, inspect instance and snapshot configurations for these keys. For example, using LXD CLI commands:

  • `lxc config show <instance-name>` - to view the current configuration of an instance.
  • `lxc snapshot list <instance-name>` - to list snapshots of an instance.
  • `lxc config show <instance-name>/<snapshot-name>` - to inspect snapshot configurations.

Look for the presence of restricted keys in these configurations that should not be allowed under project restrictions.
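
The audit described above can be automated. The following is an added example, not code from LXD or from this advisory: it scans instance and snapshot configurations for the restricted keys listed above. It assumes JSON shaped like the output of `lxc list --format json` (instances with `config`, `devices` and a `snapshots` array); the function names, the host-path heuristic and the sample data are constructed for illustration.

```python
import json

# Restricted keys named in the detection guidance above.
EXACT_KEYS = {"raw.lxc", "raw.qemu", "raw.idmap", "raw.apparmor"}
PREFIX_KEYS = ("security.syscalls.",)

def findings(config, devices):
    """Return the restricted settings present in one config/devices pair."""
    hits = []
    for key, value in sorted(config.items()):
        if key in EXACT_KEYS or key.startswith(PREFIX_KEYS):
            hits.append(key)
        elif key == "security.privileged" and str(value).lower() == "true":
            hits.append("security.privileged=true")
    for name, dev in sorted(devices.items()):
        # Assumption: a disk with a source but no storage pool is a host path.
        if dev.get("type") == "disk" and dev.get("source") and not dev.get("pool"):
            hits.append(f"device {name}: host path {dev['source']}")
    return hits

def audit(instances):
    """Map 'instance' or 'instance/snapshot' to its restricted settings."""
    report = {}
    for inst in instances:
        targets = [(inst["name"], inst)]
        for snap in inst.get("snapshots") or []:
            targets.append((f"{inst['name']}/{snap['name']}", snap))
        for label, obj in targets:
            hits = findings(obj.get("config") or {}, obj.get("devices") or {})
            if hits:
                report[label] = hits
    return report

# Constructed sample, not real output: one snapshot carries restricted keys.
SAMPLE = json.loads("""
[{"name": "web1",
  "config": {"limits.cpu": "2"},
  "devices": {"root": {"type": "disk", "path": "/", "pool": "default"}},
  "snapshots": [{"name": "snap0",
    "config": {"raw.lxc": "constructed-value", "security.privileged": "true"},
    "devices": {"hostfs": {"type": "disk", "source": "/srv/example", "path": "/mnt/host"}}}]},
 {"name": "db1", "config": {}, "devices": {}, "snapshots": null}]
""")

if __name__ == "__main__":
    for label, hits in audit(SAMPLE).items():
        print(f"{label}: {', '.join(hits)}")
```

Any hit inside a restricted project is worth investigating, because project restrictions should have prevented those keys from being set through the normal configuration path.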

Mitigation Strategies

To mitigate CVE-2026-9640, immediately upgrade LXD to a patched version where this vulnerability is fixed.

  • Upgrade to LXD versions 6.9, 5.21.5, or 5.0.7 or later, which include fixes for this issue.

Additionally, restrict project operator permissions to minimize the risk of exploitation, especially in multi-tenant environments with `restricted=true` and `restricted.containers.lowlevel=block` settings.

Review and audit existing snapshots and backups for malicious configurations and avoid restoring snapshots from untrusted sources.

Apply the security patches and backports described in the pull requests that address project limits and permissions, snapshot configuration validation, and import restrictions.
