{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-34178/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["lxd","privilege-escalation","container-escape","cve-2026-34178"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical vulnerability exists in LXD (versions prior to the fixes mentioned below) that allows an attacker with limited privileges in a restricted project to bypass security restrictions and gain full control of the LXD host. The vulnerability stems from improper validation during instance backup import. Specifically, LXD validates project restrictions against the \u003ccode\u003ebackup/index.yaml\u003c/code\u003e file within the backup archive but creates the instance from the \u003ccode\u003ebackup/container/backup.yaml\u003c/code\u003e file. By crafting a malicious backup archive where \u003ccode\u003eindex.yaml\u003c/code\u003e appears clean while \u003ccode\u003ebackup.yaml\u003c/code\u003e contains configurations that violate project restrictions (e.g., \u003ccode\u003esecurity.privileged=true\u003c/code\u003e, \u003ccode\u003eraw.lxc\u003c/code\u003e host filesystem mounts), an attacker can create a privileged container and escape the restricted environment. This allows them to escalate privileges and potentially compromise the entire LXD host. The attacker needs \u003ccode\u003ecan_view_instances\u003c/code\u003e, \u003ccode\u003ecan_create_instances\u003c/code\u003e, and \u003ccode\u003ecan_operate_instances\u003c/code\u003e permissions. This affects LXD versions up to those patched in April 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker creates a local directory structure mimicking an LXD backup archive, including \u003ccode\u003ebackup/index.yaml\u003c/code\u003e and \u003ccode\u003ebackup/container/backup.yaml\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a \u003ccode\u003ebackup/index.yaml\u003c/code\u003e file with configurations that satisfy project restrictions (e.g., no privileged mode, no raw.lxc).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious \u003ccode\u003ebackup/container/backup.yaml\u003c/code\u003e file that contains configurations violating project restrictions, such as \u003ccode\u003esecurity.privileged=true\u003c/code\u003e and \u003ccode\u003eraw.lxc\u003c/code\u003e entries to mount the host\u0026rsquo;s LXD Unix socket.\u003c/li\u003e\n\u003cli\u003eThe attacker packages the crafted directory structure into a tar archive (e.g., \u003ccode\u003emalicious-backup.tar\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker uses \u003ccode\u003elxc import target-lxd: malicious-backup.tar --project restricted-project\u003c/code\u003e to import the malicious backup into the target LXD server. LXD validates against \u003ccode\u003eindex.yaml\u003c/code\u003e at this stage.\u003c/li\u003e\n\u003cli\u003eLXD extracts the contents of the tar archive, including the malicious \u003ccode\u003ebackup.yaml\u003c/code\u003e, to the storage volume. The actual instance creation uses \u003ccode\u003ebackup.yaml\u003c/code\u003e configuration.\u003c/li\u003e\n\u003cli\u003eThe attacker starts the newly created, privileged container using \u003ccode\u003elxc start target-lxd:escalated-instance --project restricted-project\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the bind-mounted LXD Unix socket from within the container to interact with the LXD API as a full administrator, allowing them to create admin certificates, access all projects, and modify any instance, leading to full host compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows an attacker to completely bypass LXD project restrictions and gain full administrative control over the LXD host. This can lead to the compromise of all containers running on the host, data theft, and further malicious activities. The vulnerability affects multi-tenant environments where LXD is used to isolate different users or projects, allowing a malicious tenant to break out of their restricted environment and compromise the entire system.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patches provided by Canonical for LXD versions 6, 5.21, and 5.0 to remediate the vulnerability. Specifically, upgrade to LXD 6.7, LXD 5.21.4, or LXD 5.0.6.\u003c/li\u003e\n\u003cli\u003eMonitor LXD server logs for suspicious \u003ccode\u003elxc import\u003c/code\u003e commands, especially those targeting restricted projects. While difficult to detect solely on command line arguments, anomalous import patterns could be a sign of attempted exploitation.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to detect the creation of containers with \u003ccode\u003esecurity.privileged\u003c/code\u003e set to true or with \u003ccode\u003eraw.lxc\u003c/code\u003e configurations in restricted projects by analyzing the LXD database (if accessible).\u003c/li\u003e\n\u003cli\u003eAs a defense-in-depth measure, consider implementing filesystem integrity monitoring on the LXD storage volumes to detect unauthorized modifications to container configurations.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-10T19:24:26Z","date_published":"2026-04-10T19:24:26Z","id":"/briefs/2026-04-lxd-backup-bypass/","summary":"A vulnerability in LXD allows an attacker with instance-creation rights in a restricted project to bypass project restrictions and escalate privileges by crafting a malicious backup archive.","title":"LXD Backup Import Bypass Allows Privilege Escalation in Restricted Projects","url":"https://feed.craftedsignal.io/briefs/2026-04-lxd-backup-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-34178","version":"https://jsonfeed.org/version/1.1"}