CRITICAL Vulnerability
Verified
Global
NVD CRITICAL: CVE-2026-12411 — Broken Access Control in the devLXDInstancePatchHandler component of Canonical L...
Source: NIST NVD
Executive Summary
Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.
Analysis
CVSS Score: 8.4. Published: 2026-06-26T16:16:30.117.