CVE-2026-3351 Linux — Exploit & Vulnerability Details LOW

CVE-2026-3351

LOW CVSS 4.0: 2.1 EPSS 0.02%

Parameter	Value
CVSS	2.1 (LOW)
Type	CWE-862 (Missing Authorization)
Vendor	Linux
Public PoC	No

Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Attack Requirements

None

No additional conditions

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

None

No data modification

Availability

None

No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-862 Missing Authorization

References 3

https://github.com/canonical/lxd/commit/d936c90d47cf0be1e9757df897f769e9887ebde1

security@ubuntu.com

https://github.com/canonical/lxd/pull/17738

security@ubuntu.com

https://github.com/canonical/lxd/security/advisories/GHSA-crmg-9m86-636r

security@ubuntu.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-31413

Linux

None

CVE-2026-31412

Linux

None

CVE-2026-5329

Linux

8.5

CVE-2026-34079

Linux

8.7

CVE-2026-34078

Linux

9.3

Menu

CVE-2026-3351

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 3

Related Vulnerabilities

CVE-2026-31413

CVE-2026-31412

CVE-2026-5329

CVE-2026-34079

CVE-2026-34078

CVE Details

Editor's Choice

Menu

CVE-2026-3351

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 3

Related Vulnerabilities

CVE-2026-31413

CVE-2026-31412

CVE-2026-5329

CVE-2026-34079

CVE-2026-34078

CVE Details

Editor's Choice

Stay informed on cybersecurity