CVE-2026-34178 Overview
A critical authorization bypass vulnerability has been discovered in Canonical LXD before version 6.8. The flaw exists in the backup import path where project restrictions are validated against backup/index.yaml in the supplied tar archive, but the instance is created from backup/container/backup.yaml—a separate file in the same archive that is never checked against project restrictions. This inconsistency allows an authenticated remote attacker with instance-creation permission in a restricted project to craft a malicious backup archive where backup.yaml carries restricted settings such as security.privileged=true or raw.lxc directives, completely bypassing all project restriction enforcement and potentially leading to full host compromise.
Critical Impact
Authenticated attackers can bypass project security restrictions to gain privileged container access, potentially achieving full host system compromise through container escape.
Affected Products
- Canonical LXD versions before 6.8
Discovery Timeline
- 2026-04-09 - CVE-2026-34178 published to NVD
- 2026-04-09 - Last updated in NVD database
Technical Details for CVE-2026-34178
Vulnerability Analysis
This vulnerability is a check/use mismatch in the backup import validation logic, in the style of a Time-of-Check Time-of-Use (TOCTOU) flaw, except that the check and the use read two different files rather than one file at two different times. The LXD container management daemon performs security validation on one file (backup/index.yaml) but then uses configuration data from a completely different file (backup/container/backup.yaml) when actually creating the container instance. As a result, any project-level restrictions that administrators configure to limit what containers can do within a project can be entirely circumvented by an attacker who crafts a backup archive for that purpose.
The attack is particularly dangerous because it targets the trust boundary between project isolation and host security. Projects in LXD are designed to provide multi-tenant isolation, allowing administrators to restrict what users can configure. However, this vulnerability allows authenticated users to inject dangerous configurations like security.privileged=true (which grants the container root-equivalent access to the host) or raw.lxc directives (which allow arbitrary LXC configuration bypassing LXD's safety checks).
Root Cause
The root cause is improper input validation (CWE-20) in the backup import functionality. The validation logic incorrectly assumes that the backup/index.yaml file is authoritative for the entire backup archive's configuration. However, the actual instance creation logic reads from backup/container/backup.yaml, which is never validated against project restrictions. This disconnect between validation and usage creates an exploitable gap where malicious configurations can be smuggled past security checks.
Attack Vector
The attack requires network access and authenticated credentials with instance-creation permission within a restricted LXD project. An attacker would:
- Create a legitimate backup archive from a container
- Modify the backup/container/backup.yaml file within the tar archive to include restricted settings (e.g., security.privileged=true)
- Ensure backup/index.yaml contains only allowed configurations to pass validation
- Import the crafted backup archive into the restricted project
- The container will be created with the privileged settings from backup.yaml, bypassing all project restrictions
No verified code examples are available for this vulnerability. The attack involves crafting a tar archive with divergent YAML configuration files. Technical details about the fix can be found in the GitHub Pull Request and the GitHub Security Advisory.
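A pre-import review check for the mismatch described above, as an added defensive example that is not LXD code and not taken from the advisory or the patch. It reads both files from an archive and reports restricted keys present in backup/container/backup.yaml, noting when backup/index.yaml does not declare them; the line-based scan, the function names and the sample YAML fragments are assumptions made for illustration.

```python
import io
import re
import tarfile

INDEX = "backup/index.yaml"             # the file that was validated
USED = "backup/container/backup.yaml"   # the file the instance is created from
# Restricted keys named on this page; the scan is line-based, not a YAML parser.
KEY_RE = re.compile(r'^\s*["\']?(security\.privileged|raw\.lxc)["\']?\s*:\s*(.*)$')


def restricted_keys(text):
    """Restricted keys present in a YAML text (security.privileged only if truthy)."""
    found = set()
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            value = m.group(2).strip().strip("\"'").lower()
            if m.group(1) == "raw.lxc" or value in ("true", "1", "yes", "on"):
                found.add(m.group(1))
    return found


def review_backup(fileobj):
    """Findings for one backup tarball (plain, gzip, bzip2 or xz) as a binary file object."""
    texts = {INDEX: "", USED: ""}
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            name = member.name[2:] if member.name.startswith("./") else member.name
            if name in texts and member.isfile():
                # Concatenate duplicates so a second copy of a file cannot hide a key.
                texts[name] += tar.extractfile(member).read().decode("utf-8", "replace") + "\n"
    declared, used = restricted_keys(texts[INDEX]), restricted_keys(texts[USED])
    return [f"{key} in {USED}" + ("" if key in declared else " but not in index.yaml")
            for key in sorted(used)]


def build_sample(index_yaml, backup_yaml):
    """Constructed test archive holding only the two YAML files (not a real LXD backup)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, text in ((INDEX, index_yaml), (USED, backup_yaml)):
            info = tarfile.TarInfo(name)
            info.size = len(text.encode())
            tar.addfile(info, io.BytesIO(text.encode()))
    buf.seek(0)
    return buf


# Constructed YAML fragments; real backup files carry many more fields.
ALLOWED = 'config:\n  limits.cpu: "2"\n'
DIVERGENT = 'config:\n  limits.cpu: "2"\n  security.privileged: "true"\n'

if __name__ == "__main__":
    print(review_backup(build_sample(ALLOWED, DIVERGENT)))
```

Any finding is a reason to hold the archive for manual review; an empty result only means the line scan saw none of the listed keys.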
Detection Methods for CVE-2026-34178
Indicators of Compromise
- Containers running with security.privileged=true in projects where this setting should be restricted
- Containers with raw.lxc configuration directives in restricted projects
- Unexpected backup import operations followed by immediate container starts
- Container configurations that don't match project-level restrictions
Detection Strategies
- Audit LXD logs for backup import operations, particularly in restricted projects
- Monitor for containers with privileged configurations that violate project policies
- Implement file integrity monitoring on container configuration files
- Review container security settings across all projects for policy violations
Monitoring Recommendations
- Enable verbose logging for LXD backup import operations
- Set up alerts for any container creation with security.privileged=true or raw.lxc directives
- Periodically audit all running containers against their project restriction policies
- Monitor for unusual backup import patterns from authenticated users
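One way to audit instances against their project restriction policies, as an added example that is not from the advisory or from LXD itself. It assumes the two inputs are the parsed output of `lxc project list --format=json` and `lxc list --all-projects --format=json`, and that the project keys `restricted`, `restricted.containers.privilege` and `restricted.containers.lowlevel` carry LXD's documented defaults; the function name and sample records are constructed.

```python
import json

TRUTHY = {"true", "1", "yes", "on"}


def policy_violations(projects, instances):
    """Return (project, instance, key) for containers that break their project's restrictions."""
    rules_by_project = {p["name"]: p.get("config") or {} for p in projects}
    found = []
    for inst in instances:
        project = inst.get("project", "default")
        rules = rules_by_project.get(project, {})
        if inst.get("type") != "container" or rules.get("restricted") not in TRUTHY:
            continue
        # expanded_config includes profile-inherited keys; fall back to local config.
        cfg = inst.get("expanded_config") or inst.get("config") or {}
        privileged = str(cfg.get("security.privileged", "")).lower() in TRUTHY
        if privileged and rules.get("restricted.containers.privilege", "unprivileged") != "allow":
            found.append((project, inst["name"], "security.privileged"))
        if "raw.lxc" in cfg and rules.get("restricted.containers.lowlevel", "block") != "allow":
            found.append((project, inst["name"], "raw.lxc"))
    return found


# Constructed sample records; real output carries many more fields.
PROJECTS_JSON = """[
  {"name": "default", "config": {}},
  {"name": "tenant-a", "config": {"restricted": "true"}},
  {"name": "tenant-b", "config": {"restricted": "true",
                                  "restricted.containers.privilege": "allow"}}
]"""
INSTANCES_JSON = """[
  {"name": "web1", "project": "tenant-a", "type": "container",
   "expanded_config": {"security.privileged": "true"}},
  {"name": "db1", "project": "tenant-a", "type": "container",
   "expanded_config": {"raw.lxc": "placeholder"}},
  {"name": "ci1", "project": "tenant-b", "type": "container",
   "expanded_config": {"security.privileged": "true"}},
  {"name": "dev1", "project": "default", "type": "container",
   "expanded_config": {"security.privileged": "true"}}
]"""

if __name__ == "__main__":
    for row in policy_violations(json.loads(PROJECTS_JSON), json.loads(INSTANCES_JSON)):
        print(*row)
```

Unlike a plain search for privileged containers, this reports only instances whose effective configuration conflicts with the restrictions of the project they live in.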
How to Mitigate CVE-2026-34178
Immediate Actions Required
- Upgrade Canonical LXD to version 6.8 or later immediately
- Audit all existing containers in restricted projects for unauthorized privileged settings
- Review recent backup import operations for potential exploitation
- Restrict backup import permissions to highly trusted users until patched
Patch Information
Canonical has addressed this vulnerability in LXD version 6.8. The fix ensures that project restrictions are validated against the actual configuration file (backup/container/backup.yaml) used during instance creation, rather than only checking the backup/index.yaml file. Users should upgrade to LXD 6.8 or later as soon as possible. For technical details about the patch, refer to the GitHub Pull Request.
Workarounds
- Temporarily revoke backup import permissions from users in restricted projects until the patch can be applied
- Implement additional monitoring and alerting for privileged container configurations
- Manually audit all backup imports before allowing container creation in sensitive environments
- Consider isolating restricted projects to dedicated LXD instances until patched
# Example: Check for privileged containers that may violate project restrictions
# (--all-projects is needed; without it only the current project is listed)
lxc list --all-projects --format=json | jq '.[] | select(.config["security.privileged"]=="true") | {project: .project, name: .name}'
# Audit containers for raw.lxc configurations
lxc list --all-projects --format=json | jq '.[] | select(.config["raw.lxc"]!=null) | {project: .project, name: .name, raw_lxc: .config["raw.lxc"]}'
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

