CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2026-12411 — Broken Access Control in the devLXDInstancePatchHandler component of Canonical L...

·Source: NIST NVD

Updated:

Executive Summary

Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.

Analysis

Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled. CVSS Score: 8.4. Published: 2026-06-26T16:16:30.117.

Indicators of Compromise (1)

CVE (1)
CVE-2026-12411
Source Attribution

Originally published by NIST NVD on Jun 26, 2026. Verified by: NIST.

Related Threats