CVE-2026-28385 in lxd
Summary
by MITRE • 06/26/2026
In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in the image import functionality allows authenticated users with the can_create_images entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a URL source, the LXD daemon fails to validate or restrict outbound destination IP addresses, allowing connections to loopback, RFC1918 private ranges, and cloud metadata endpoints. This enables error-based port scanning and unauthorized interaction with internal HTTP services from the daemon's network position.
Analysis
by VulDB Data Team • 06/26/2026
The vulnerability is a server-side request forgery flaw in the Canonical LXD container management platform, affecting versions 4.12 through 6.9. It resides in the image import functionality: an authenticated user holding the can_create_images entitlement can name a URL as the image source, and the LXD daemon fetches that URL without validating or restricting the destination IP address it resolves to. The request is therefore issued from the daemon's own network position and with the daemon's reachability, not the user's.
The operational impact goes beyond simple reconnaissance. Because no IP address validation is performed, the import can be pointed at loopback addresses, the RFC1918 private ranges 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16, and cloud metadata endpoints (the link-local 169.254.169.254 service on the major clouds) that are normally reachable only from inside the host. An import aimed at an internal host and port fails differently depending on whether the port is closed, filtered, or answering HTTP, and the error returned to the caller reveals which; repeated over a range of addresses and ports this is error-based port scanning from the daemon's position. Where a target speaks HTTP, the attacker can also interact with it, so network segmentation that relies on the attacker having no route to those services is bypassed.
From a security framework perspective, this vulnerability maps to CWE-918 Server-Side Request Forgery. The closest ATT&CK technique is T1046 Network Service Discovery: the daemon is turned into a proxy for enumerating and probing services on internal hosts without the attacker needing direct network access to them. This is not a privilege escalation in the usual sense, but it is an expansion of what the entitlement grants: a user who should only be able to create images can reach network services that were never exposed to them.
Mitigation starts with updating LXD to a release in which Canonical has fixed the issue. The underlying fix is strict destination validation in the image import path: resolve the supplied host, reject the import if any resolved address falls in a loopback, link-local, private or other non-routable range, and repeat the check on every HTTP redirect, since a public host can simply redirect to an internal address. Error detail from failed fetches should be logged rather than returned verbatim to the caller, because those errors are the scanning channel. Organizations should additionally restrict the daemon host's egress so that it cannot reach internal infrastructure beyond explicitly authorized services, and should review who holds the can_create_images entitlement and watch image imports from unusual URL sources for signs of exploitation.
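As an added example, not LXD's own code and not the fix Canonical shipped, here is what the destination check described in the analysis above looks like in Go, LXD's own language: a range filter covering loopback, RFC1918, link-local/metadata and the IPv6 equivalents, a URL validator that resolves the host and rejects the import if any answer is blocked, and an HTTP client that re-validates on every redirect and pins the connection to the address it just checked. The function names, the sample URLs, and the 203.0.113.10 source (a TEST-NET-3 documentation address standing in for a public mirror) are assumptions constructed for this example.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"time"
)

// Ranges an image import from a user-supplied URL must never reach: the
// advisory's loopback, RFC1918 and metadata space plus other non-routable space.
var blockedNets []*net.IPNet

func init() {
	for _, c := range []string{
		"0.0.0.0/8", "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
		"169.254.0.0/16", // link-local; contains the 169.254.169.254 metadata service
		"100.64.0.0/10",  // RFC6598 shared address space
		"::1/128", "::/128", "fc00::/7", "fe80::/10", // IPv6 loopback, unspecified, ULA, link-local
	} {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err) // a typo in the table above, not a runtime condition
		}
		blockedNets = append(blockedNets, n)
	}
}

// isBlockedIP reports whether ip is in a blocked range. IPNet.Contains
// normalises IPv4-mapped IPv6 (::ffff:10.0.0.5), so that bypass is covered.
func isBlockedIP(ip net.IP) bool {
	for _, n := range blockedNets {
		if n.Contains(ip) {
			return true
		}
	}
	return ip.IsMulticast()
}

// validateImportURL parses a user-supplied source and returns the addresses it
// may connect to. A name that resolves to any blocked address is rejected.
func validateImportURL(ctx context.Context, raw string) (*url.URL, []net.IP, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, nil, err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, nil, fmt.Errorf("scheme %q not allowed for image import", u.Scheme)
	}
	host := u.Hostname()
	ips := []net.IP{net.ParseIP(host)}
	if ips[0] == nil { // not a literal: resolve, and check every answer
		if ips, err = net.DefaultResolver.LookupIP(ctx, "ip", host); err != nil {
			return nil, nil, err
		}
	}
	for _, ip := range ips {
		if isBlockedIP(ip) {
			return nil, nil, fmt.Errorf("source %q resolves to blocked address %s", host, ip)
		}
	}
	return u, ips, nil
}

// newImportClient re-validates each redirect target (a public host can 302 to
// the metadata service) and re-checks the address it actually dials, so a DNS
// answer that changes between validation and connect (rebinding) is caught.
func newImportClient() *http.Client {
	dialer := &net.Dialer{Timeout: 10 * time.Second}
	return &http.Client{
		Timeout: 60 * time.Second,
		Transport: &http.Transport{
			DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
				host, port, err := net.SplitHostPort(addr)
				if err != nil {
					return nil, err
				}
				_, ips, err := validateImportURL(ctx, "http://"+net.JoinHostPort(host, port))
				if err != nil {
					return nil, err
				}
				// Dial the address just checked, not the result of a fresh lookup.
				return dialer.DialContext(ctx, network, net.JoinHostPort(ips[0].String(), port))
			},
		},
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			_, _, err := validateImportURL(req.Context(), req.URL.String())
			return err
		},
	}
}

func main() {
	// Constructed inputs: one allowed public literal (TEST-NET-3), one metadata URL.
	for _, src := range []string{"https://203.0.113.10/ubuntu.tar.xz", "http://169.254.169.254/latest/meta-data/"} {
		_, _, err := validateImportURL(context.Background(), src)
		fmt.Printf("%s -> %v\n", src, err)
	}
}
```

Two design points matter in practice. The error returned by validateImportURL names the blocked address for the operator's log; the API response to the caller should be a generic rejection, because echoing dial errors back is exactly the error-based scanning channel the advisory describes. And the explicit CIDR table is used instead of Go's net.IP.IsPrivate because that helper covers only RFC1918 and ULA, not the link-local metadata range or shared address space.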