{"id":"GO-2026-4595","summary":"Non-recursive certificate listing bypasses per-object authorization and leaks all fingerprints in github.com/canonical/lxd","details":"Non-recursive certificate listing bypasses per-object authorization and leaks all fingerprints in github.com/canonical/lxd","aliases":["CVE-2026-3351","GHSA-crmg-9m86-636r"],"modified":"2026-03-23T04:53:13.085962Z","published":"2026-03-10T18:28:25Z","database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2026-4595"},"references":[{"type":"ADVISORY","url":"https://github.com/canonical/lxd/security/advisories/GHSA-crmg-9m86-636r"},{"type":"FIX","url":"https://github.com/canonical/lxd/commit/d936c90d47cf0be1e9757df897f769e9887ebde1"},{"type":"FIX","url":"https://github.com/canonical/lxd/pull/17738"}],"affected":[{"package":{"name":"github.com/canonical/lxd","ecosystem":"Go","purl":"pkg:golang/github.com/canonical/lxd"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{"custom_ranges":[{"events":[{"introduced":"6.6"},{"fixed":"6.7"}],"type":"ECOSYSTEM"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-4595.json"}}],"schema_version":"1.7.5"}