CVE-2026-9639 - Authenticated Denial of Service via Malicious Backup Tarball in LXD
CVE ID :CVE-2026-9639
Published : June 26, 2026, 3:39 p.m. | 1 hour, 2 minutes ago
Description :Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with can_create_storage_volumes permissions to cause a denial of service via a specially crafted custom-volume backup tarball that omits the expires_at snapshot field.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : June 26, 2026, 3:39 p.m. | 1 hour, 2 minutes ago
Description :Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with can_create_storage_volumes permissions to cause a denial of service via a specially crafted custom-volume backup tarball that omits the expires_at snapshot field.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...