CVEFinder.io

CVE-2026-28385

🔶 medium
🔍 Scan for this CVE
Summary

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in the image import functionality allows authenticated users with the can_create_images entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a URL source, the LXD daemon fails to validate or restrict outbound destination IP addresses, allowing connections to loopback, RFC1918 private ranges, and cloud metadata endpoints. This enables error-

Description

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in the image import functionality allows authenticated users with the can_create_images entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a URL source, the LXD daemon fails to validate or restrict outbound destination IP addresses, allowing connections to loopback, RFC1918 private ranges, and cloud metadata endpoints. This enables error-based port scanning and unauthorized interaction with internal HTTP services from the daemon's network position.

CVSS Score
5.0
Medium
EPSS Score
-
Published Date
2026-06-26
First Seen: 2026-06-27
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 19.2% of all 330,193 vulnerabilities in our database.

#266,649
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Jun 26, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Partial
Limited system impact
🏆 Discovered By
Babajide Emmanuel Fakile
SSVC data provided by CISA
Last Modified 2026-06-26
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CWE IDs (Weakness Types)
CWE-918

📦 Affected Products 0

No affected products information available

🔗 References 2

https://github.com/canonical/lxd/pull/18462
https://github.com/canonical/lxd/security/advisories...