Lyceum Intelligence, In Focus vulnerability briefing

CVE-2026-34177 -- CVSS 9.1 Vulnerability Briefing

CVE-2026-34177 | CVSS 9.1 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-34177 is a permission-check bypass in Canonical LXD versions 4.12 through 6.7. The flaw lies in the logic that enforces project restrictions on virtual machine configuration keys, in lxd/project/limits/permissions.go.

Technical Detail

The flaw is in the isVMLowLevelOptionForbidden function, which holds a denylist of low-level configuration keys that users in a restricted project must not be able to set on virtual machines. The denylist is incomplete: it omits at least raw.apparmor and raw.qemu.conf. In LXD, raw.apparmor appends directives to the generated AppArmor profile that confines the instance (for a VM, the QEMU process on the host), and raw.qemu.conf adds to or overrides sections of the generated QEMU configuration file. A user who is allowed to edit VM configuration can therefore inject arbitrary AppArmor rules or QEMU settings even though the project restriction was meant to block them. Either key is enough to weaken or disable the mandatory access control around the VM's host-side process; depending on the host configuration, that can lead to privilege escalation or to an escape from the VM to the host.
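To make the failure mode concrete, here is an added illustration in Go (the language LXD is written in). It is not LXD's source and not Canonical's patch: the denylist entries other than the two absent keys are assumed, the function names mirror the briefing only for readability, and the tenant config is constructed with placeholder payloads. It shows why an exact-match denylist lets raw.apparmor and raw.qemu.conf through, and contrasts it with a check that denies the whole raw.* class by prefix.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Illustrative reconstruction, not LXD's source. The entries below stand in
// for whatever the real denylist contains; the only facts taken from the
// briefing are that the check matches exact key names and that raw.apparmor
// and raw.qemu.conf are absent from it.
var vmLowLevelDenylist = map[string]struct{}{
	"raw.qemu":                   {}, // assumed entry
	"raw.idmap":                  {}, // assumed entry
	"boot.host_shutdown_timeout": {}, // assumed entry
}

// isVMLowLevelOptionForbiddenVulnerable is an exact-match lookup, so any key
// the list forgot (raw.apparmor, raw.qemu.conf) is treated as harmless.
func isVMLowLevelOptionForbiddenVulnerable(key string) bool {
	_, found := vmLowLevelDenylist[key]
	return found
}

// isVMLowLevelOptionForbiddenHardened is this page's suggested shape of a fix
// (not Canonical's patch): every raw.* key is low-level by definition, so the
// prefix is denied as a class and the explicit list is only needed for
// non-raw keys.
func isVMLowLevelOptionForbiddenHardened(key string) bool {
	if strings.HasPrefix(key, "raw.") {
		return true
	}
	return isVMLowLevelOptionForbiddenVulnerable(key)
}

// ForbiddenKeys returns, sorted, the keys of a proposed VM config that the
// given check would reject.
func ForbiddenKeys(config map[string]string, check func(string) bool) []string {
	var out []string
	for k := range config {
		if check(k) {
			out = append(out, k)
		}
	}
	sort.Strings(out)
	return out
}

// BypassedKeys returns the keys the hardened check rejects but the vulnerable
// check lets through: the attack surface a restricted tenant gains.
func BypassedKeys(config map[string]string) []string {
	var out []string
	for _, k := range ForbiddenKeys(config, isVMLowLevelOptionForbiddenHardened) {
		if !isVMLowLevelOptionForbiddenVulnerable(k) {
			out = append(out, k)
		}
	}
	return out
}

// TenantConfig is a constructed example of what a restricted tenant might
// submit. The AppArmor and QEMU values are placeholders, not a working exploit.
var TenantConfig = map[string]string{
	"limits.cpu":    "2",
	"limits.memory": "4GiB",
	"raw.qemu":      "-device placeholder",
	"raw.apparmor":  "# appended profile directives",
	"raw.qemu.conf": "[placeholder]\nkey = \"value\"",
}

func main() {
	fmt.Println("rejected by vulnerable check:", ForbiddenKeys(TenantConfig, isVMLowLevelOptionForbiddenVulnerable))
	fmt.Println("rejected by hardened check:  ", ForbiddenKeys(TenantConfig, isVMLowLevelOptionForbiddenHardened))
	fmt.Println("slip through:                ", BypassedKeys(TenantConfig))
}
```

The design point is that a list of dangerous keys is a denylist, and denylists fail open on every key their author did not think of. Keys that by naming convention are all low-level (here the raw.* namespace) are safer to reject as a class than to enumerate.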

Exploitation Status

No known exploit exists for this vulnerability at this time. It has not been added to the CISA Known Exploited Vulnerabilities catalog. There is no public proof-of-concept code confirmed as of April 16, 2026. The CVSS score of 9.1 reflects the severity of potential impact rather than observed exploitation activity.

Who Is Targeting This

No specific threat actor attribution at this time. No campaigns or targeted sectors have been associated with this vulnerability. Given the nature of the flaw, it is most relevant in multi-tenant LXD environments where untrusted users have VM configuration access, such as cloud hosting or development infrastructure platforms.

What To Do

Administrators running Canonical LXD 4.12 through 6.7 should apply Canonical's fix as soon as it is published and treat it as a high-priority update given the critical CVSS rating. Until then, note that the bypass only matters where a project restriction was the control relied on to block low-level keys; a user who can edit VM configuration in an unrestricted project could set raw.* keys anyway. As an interim measure, confine VM configuration rights to fully trusted principals, review project restrictions and permission assignments so that no untrusted user can edit VM configuration at all, and audit the configuration of every existing VM, including keys inherited from profiles, for raw.apparmor and raw.qemu.conf. For detection, watch LXD lifecycle events for instance and profile updates (for example with lxc monitor --type=lifecycle) and alert on any change that introduces either key. Confirm the fixed version against Canonical's security advisories before deploying it in production.
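The audit step above, as an added example in Go that is not part of the briefing or of LXD: it parses the JSON that lxc list emits and reports every VM carrying raw.apparmor or raw.qemu.conf, distinguishing keys set directly on the instance (config) from keys inherited through profiles (expanded_config). The sample JSON is constructed, trimmed to the fields the audit needs, and its raw.* values are placeholders.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Instance holds the fields of `lxc list --format json` this audit needs.
// config is what is set on the instance itself; expanded_config also
// includes keys inherited from the instance's profiles.
type Instance struct {
	Name           string            `json:"name"`
	Project        string            `json:"project"`
	Type           string            `json:"type"`
	Config         map[string]string `json:"config"`
	ExpandedConfig map[string]string `json:"expanded_config"`
	Profiles       []string          `json:"profiles"`
}

// Finding records one watched key found on one VM and where it came from.
type Finding struct {
	Project, Instance, Key, Source string
}

// WatchedKeys are the two keys the briefing names as missing from the denylist.
var WatchedKeys = []string{"raw.apparmor", "raw.qemu.conf"}

// AuditVMs parses lxc list JSON and reports every virtual machine carrying a
// watched key, whether set directly or inherited via a profile. Containers are
// skipped because the flaw is in the VM-specific check.
func AuditVMs(listJSON []byte) ([]Finding, error) {
	var instances []Instance
	if err := json.Unmarshal(listJSON, &instances); err != nil {
		return nil, fmt.Errorf("parsing lxc list output: %w", err)
	}
	var findings []Finding
	for _, inst := range instances {
		if inst.Type != "virtual-machine" {
			continue
		}
		for _, key := range WatchedKeys {
			if _, direct := inst.Config[key]; direct {
				findings = append(findings, Finding{inst.Project, inst.Name, key, "instance config"})
				continue
			}
			if _, inherited := inst.ExpandedConfig[key]; inherited {
				findings = append(findings, Finding{inst.Project, inst.Name, key,
					"profile (" + strings.Join(inst.Profiles, ",") + ")"})
			}
		}
	}
	return findings, nil
}

// SampleListJSON is a constructed stand-in for the output of
// `lxc list --all-projects --format json`, reduced to the fields used here.
const SampleListJSON = `[
  {"name": "web-vm", "project": "tenant-a", "type": "virtual-machine",
   "config": {"limits.cpu": "2", "raw.apparmor": "# appended directives"},
   "expanded_config": {"limits.cpu": "2", "raw.apparmor": "# appended directives"},
   "profiles": ["default"]},
  {"name": "build-vm", "project": "tenant-b", "type": "virtual-machine",
   "config": {"limits.memory": "4GiB"},
   "expanded_config": {"limits.memory": "4GiB", "raw.qemu.conf": "[placeholder]"},
   "profiles": ["default", "ci"]},
  {"name": "ctr1", "project": "tenant-b", "type": "container",
   "config": {"raw.apparmor": "# container, outside this VM-specific check"},
   "expanded_config": {"raw.apparmor": "# container, outside this VM-specific check"},
   "profiles": ["default"]}
]`

func main() {
	findings, err := AuditVMs([]byte(SampleListJSON))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%s/%s: %s set via %s\n", f.Project, f.Instance, f.Key, f.Source)
	}
}
```

To run it against a real host, save the output of lxc list --all-projects --format json (on older releases without --all-projects, run lxc list --project NAME --format json once per project) and pass the bytes to AuditVMs. A finding whose source is a profile means removing the key from the instance is not enough; the profile itself has to be cleaned, and every other VM using that profile inherits the same key.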
