Debian shipped advisory DSA-6153-1 for LXD, the container and virtual machine manager, on 1 March 2026. The main flaw, CVE-2026-23953, lets a user who can launch containers end up running arbitrary commands on the host. Not as some regular user either: as root.
What actually happens
The bug is a newline injection (CWE-93) in how LXD/Incus handles a container’s environment variables. When you start a container with your own YAML configuration, you can set environment variables. Before the patch those values were written straight into the container’s lxc.conf file with no check for newline characters.
That’s the trick. Drop a \n inside a variable’s value and whatever follows it gets read as another lxc.conf configuration line. And lxc.conf accepts directives like lxc.hook.pre-start, which runs a command on the host before the container boots. Inject a hook, point it at whatever you want to run, and that command executes with root privileges on the host machine.
Who it affects
You need to be able to launch a container with a custom configuration, usually because you belong to the incus group (or its LXD equivalent). This is not a remote hole anyone can hit from the internet: it requires local access and a certain level of privilege. The real danger is compromised accounts and insiders who are allowed to start containers, who can use this to jump straight to host root and tear through the isolation that containerisation is supposed to provide.
Affected Incus versions are 6.20.0 and earlier (specifically up to 6.0.5 and from 6.1.0 to 6.20.0). The CVE carries a CVSS score of 8.7.
Severity and patch
Debian rates the advisory as important. The fix landed in version 5.0.2-5+deb12u3 for Debian 12 (Bookworm) and the equivalent version for Debian 13 (Trixie). The patch adds a check that rejects newline characters in environment variable keys and values, so nothing extra can sneak into lxc.conf anymore.
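As an added example (not code from LXD, Incus or the Debian patch), the following Go sketch shows the shape of the check the fix describes: every environment entry is validated before it is serialised into lxc.conf, and any key or value carrying a newline is refused so that one variable can only ever produce one config line. The `lxc.environment=KEY=VALUE` line format, the function names and the sample values are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// envEntry is one environment variable requested in a container's configuration.
type envEntry struct {
	Key, Value string
}

// validateEnvEntry refuses any key or value that could not be written as a
// single lxc.conf line. Carriage returns are rejected too, as an extra
// precaution beyond the newline check the advisory describes.
func validateEnvEntry(e envEntry) error {
	if strings.ContainsAny(e.Key, "\r\n") || strings.ContainsAny(e.Value, "\r\n") {
		return fmt.Errorf("environment variable %q: newline in key or value", e.Key)
	}
	return nil
}

// renderEnvConfig serialises the variables into lxc.conf lines (the
// "lxc.environment=KEY=VALUE" format is an assumption here). It validates every
// entry first and refuses the whole set if any entry fails, so exactly one
// config line is emitted per variable.
func renderEnvConfig(entries []envEntry) (string, error) {
	var b strings.Builder
	for _, e := range entries {
		if err := validateEnvEntry(e); err != nil {
			return "", err
		}
		fmt.Fprintf(&b, "lxc.environment=%s=%s\n", e.Key, e.Value)
	}
	return b.String(), nil
}

func main() {
	// Constructed samples: a clean variable, and one whose value embeds a
	// newline followed by text the config parser would read as a new directive.
	clean := []envEntry{{"APP_MODE", "production"}}
	tainted := []envEntry{{"APP_MODE", "production\nlxc.extra=1"}}
	if out, err := renderEnvConfig(clean); err == nil {
		fmt.Print(out)
	}
	if _, err := renderEnvConfig(tainted); err != nil {
		fmt.Println("rejected:", err)
	}
}
```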
If you run LXD containers on Debian, update the package as soon as you can:
sudo apt update && sudo apt upgrade lxd
Until you apply the patch, review who sits in the group with permission to launch containers. The fewer people who can start containers from arbitrary YAML, the smaller the attack surface. That’s good hygiene even after you update.
Debian’s original advisory covers two flaws that allow command execution via malformed configurations; CVE-2026-23953 is the higher-impact one thanks to its direct jump to root.
Source
- Debian Security Announce - DSA-6153-1: https://lists.debian.org/debian-security-announce/2026/msg00062.html
- NVD - CVE-2026-23953: https://nvd.nist.gov/vuln/detail/CVE-2026-23953