Strix
26.1K

CVE-2026-12411

HIGHCVSS 8.4/10

Last modified

CVE-2026-12411 is a high-severity vulnerability rated 8.4/10 on the CVSS scale. Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled..

Description

Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.

Metrics

CVSS 3.1
8.4/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Weakness Enumeration

References

Timeline

Published
Last Modified
Status
Undergoing Analysis

Frequently Asked Questions

What is CVE-2026-12411?
Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.
How severe is CVE-2026-12411?
CVE-2026-12411 has a CVSS score of 8.4/10 (HIGH severity).
How do I fix CVE-2026-12411?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2026-12411?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST