216.73.217.98

CVE-2026-3351

· Published 03/03/2026 13:16 · Modified 03/03/2026 21:52

Labels: CVE-2026-3351 2026-03-03CVE-2026-3351CWE-862[email protected]

Essential information

Published
03/03/2026 13:16
Modified
03/03/2026 21:52
Author
Creator
CVSS
2.1 LOW (v3) 2.1 LOW (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
canonical / lxd cpe:2.3:a:canonical:lxd:6.6:*:*:*:*:*:*:*

References