CVE-2026-12411
HighCVSS 8.4Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
A Broken Access Control vulnerability in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.
Risk Assessment
The organization faces a breach of isolation between LXD guests, potentially leading to data leakage, modification, or corruption, and possible escalation of attacks to other containers.
Recommendation
Immediately disable the security.devlxd.management.volumes option if not required, and apply the available security patch from Canonical for LXD.
Original NVD description (English source)
Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.

