CVE-2026-3351

Low CVSS: 2.1

Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server.

Vendor

Canonical

Product

Lxd

CWE

CWE-862

Yayın Tarihi

2026-03-03 13:16:21

Güncelleme

2026-03-11 18:41:28

Source Identifier

security@ubuntu.com

KEV Date Added

Kategoriler

CWE-862 Lxd LOW Canonical 2026

Referanslar

https://github.com/canonical/lxd/commit/d936c90d47cf0be1e9757df897f769e9887ebde1 https://github.com/canonical/lxd/pull/17738 https://github.com/canonical/lxd/security/advisories/GHSA-crmg-9m86-636r

Benzer Kayıtlar

Critical

CVE-2026-4370

A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the inter…

Medium

CVE-2026-32694

In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret o…

Medium

CVE-2026-32691

A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit…

High

CVE-2026-32692

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18…

High

CVE-2026-32693

In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which…

Low

CVE-2025-5467

It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files…