The LXD 6/stable channel is being updated to include interim fixes since the LXD 6.7 has been released.
It is available as snap version: 6.7-d814d89 (2026-03-30) in the 6/stable channel.
This release includes fixes for security issues:
- VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf (CVE-2026-34177)
- Update of type field in restricted TLS certificate allows privilege escalation to cluster admin (CVE-2026-34179 )
- Importing a crafted backup leads to project restriction bypass (CVE-2026-34178 )
- Arbitrary file read and write through pongo templates (CVE-2026-33897 from Incus)
- Incus does not verify combined fingerprint when downloading images from simplestreams servers (CVE-2026-33542 from Incus)