A vulnerability described as critical has been identified in Canonical LXD up to 5.0.6/5.21.4/6.7.x . This impacts the function isVMLowLevelOptionForbidden of the file lxd/project/limits/permissions.go . The manipulation results in incomplete blacklist. This vulnerability was named CVE-2026-34177 . The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.