CVE-2026-3351

Published: Mar 3, 2026

Modified: Mar 5, 2026

PUBLISHED

Description

Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server.

Vendor	Product	Versions
Canonical	lxd	affected `6.6`

Weaknesses (CWE)

CWE-862

References

https://github.com/canonical/lxd/security/advisories/GHSA-crmg-9m86-636r

vdb-entry

vendor-advisory

lxd/certificates: Return only allowed certificates in non-recursive list

patch

issue-tracking

https://github.com/canonical/lxd/commit/d936c90d47cf0be1e9757df897f769e9887ebde1

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-3351

Description

Affected Products

Weaknesses (CWE)

References