Description
Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.
References (1)
Core 1
Core References
Exploit, Vendor Advisory
https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6
Scores
CVSS v3
6.5
EPSS
0.0033
EPSS Percentile
25.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-1336
Status
published
Products (2)
canonical/lxd
4.0.0 - 5.21.4
lxc/lxd
4.0.0 - 5.21.4Go
Published
Oct 02, 2025
Tracked Since
Feb 18, 2026