CVE-2026-9640
Analyzed Analyzed - Analysis Complete

Privilege Escalation in LXD via Malicious Snapshot Restoration

Vulnerability report for CVE-2026-9640, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-07-02

Assigner: Canonical Ltd.

Description

A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration.. An authenticated project operator in a restricted multi-tenant environment can bypass policy restrictions by importing a maliciously crafted instance backup containing restricted configuration keys within a snapshot. When the snapshot is restored, these restricted keys are applied to the live instance without policy validation. Starting the modified instance grants the operator unauthorized host root access.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-07-02
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
canonical lxd From 5.21.0 (inc) to 5.21.5 (exc)
canonical lxd From 6.0 (inc) to 6.9 (exc)
canonical lxd From 4.12 (inc) to 5.0.7 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-9640 is a critical privilege escalation vulnerability in LXD, a system container and virtual machine manager. It affects versions before 6.9, 5.21.5, and 5.0.7. The issue arises from improper handling of project-restriction policies during snapshot restoration in a restricted multi-tenant environment.

An authenticated project operator can bypass these restrictions by importing a maliciously crafted instance backup containing restricted configuration keys within a snapshot. When the snapshot is restored, these restricted keys are applied to the live instance without proper policy validation.

Starting the modified instance then grants the operator unauthorized root access on the host, effectively allowing them to escalate privileges beyond their intended scope.

Detection Guidance

Detection of CVE-2026-9640 involves identifying if an authenticated project operator has imported or restored snapshots containing maliciously crafted configuration keys that bypass project restrictions.

Specifically, you should check for snapshots or instance backups that include restricted configuration keys such as `raw.lxc`, `raw.qemu`, `raw.idmap`, `raw.apparmor`, `security.privileged=true`, `security.syscalls.*`, or arbitrary host-path disk devices.

Commands to detect suspicious snapshots or backups might include inspecting instance configurations and snapshots for these keys. For example, using LXD CLI commands:

  • `lxc config show <instance-name>` - to view the current configuration of an instance.
  • `lxc snapshot list <instance-name>` - to list snapshots of an instance.
  • `lxc config show <instance-name>/<snapshot-name>` - to inspect snapshot configurations.

Look for the presence of restricted keys in these configurations that should not be allowed under project restrictions.

Impact Analysis

This vulnerability can have severe impacts including complete host compromise. An attacker with authenticated project operator permissions can gain arbitrary root access on the host system by exploiting this flaw.

  • Bypass of project restrictions in multi-tenant environments.
  • Unauthorized escalation to host root privileges.
  • Potential loss of confidentiality, integrity, and availability of the host system.

The attack requires network access and high privileges within the project but no user interaction, making it a critical risk in environments using LXD with restricted projects.

Compliance Impact

This vulnerability allows an authenticated project operator to bypass policy restrictions and gain unauthorized host root access by importing malicious snapshots. Such unauthorized access can lead to a complete compromise of the host system, resulting in high confidentiality, integrity, and availability loss.

Given the potential for unauthorized access to sensitive data and system controls, this vulnerability could negatively impact compliance with common standards and regulations such as GDPR and HIPAA, which require strict access controls and protection of sensitive information.

Organizations using affected versions of LXD in multi-tenant environments should consider this vulnerability a critical risk to their compliance posture until patched.

Mitigation Strategies

To mitigate CVE-2026-9640, immediately upgrade LXD to a patched version where this vulnerability is fixed.

  • Upgrade to LXD versions 6.9, 5.21.5, or 5.0.7 or later, which include fixes for this issue.

Additionally, restrict project operator permissions to minimize the risk of exploitation, especially in multi-tenant environments with `restricted=true` and `restricted.containers.lowlevel=block` settings.

Review and audit existing snapshots and backups for malicious configurations and avoid restoring snapshots from untrusted sources.

Apply the security patches and backports described in the pull requests that address project limits and permissions, snapshot configuration validation, and import restrictions.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9640. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart