CVE-2026-12411 - Broken Access Control in Canonical LXD DevLXD API
CVE ID :CVE-2026-12411
Published : June 26, 2026, 3:27 p.m. | 1 hour, 14 minutes ago
Description :Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : June 26, 2026, 3:27 p.m. | 1 hour, 14 minutes ago
Description :Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...