The LXD 5.0/stable channel is being updated to include interim fixes since the LXD 5.0.6 LTS interim snap release 5.0.6-e49d9f4.
It is available as snap version: 5.0.6-7fc3b36 (2026-03-30) in the 5.0/stable channel.
This release includes fixes for security issues:
- VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf (CVE-2026-34177)
- Update of type field in restricted TLS certificate allows privilege escalation to cluster admin (CVE-2026-34179 )
- Importing a crafted backup leads to project restriction bypass (CVE-2026-34178 )
- Arbitrary file read and write through pongo templates (CVE-2026-33897 from Incus)
- Incus does not verify combined fingerprint when downloading images from simplestreams servers (CVE-2026-33542 from Incus)
And a bug fix: