What is CVE-2026-39402?

CVE-2026-39402 is a medium-severity vulnerability in Linuxcontainers Lxc, classified under Incorrect Authorization. CVSS score: 6.5/10. Published 2026-05-05.

How severe is CVE-2026-39402?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Auth bypass in Linuxcontainers Lxc

CVE-2026-39402

lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the find_line() function that allows an unprivileged user to delete OVS-attached network interfaces belonging to other users. Whe…

Vulnerability class: Broken Access Control

EPSS: 0.000 (2.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H.

Affected products

Linuxcontainers Lxc
Lxc — versions < 7.0.0

Weakness classification (CWE)

CWE-863 — Incorrect Authorization

References

security-advisories@github.com (x_refsource_CONFIRM, Exploit, Vendor Advisory)

Frequently asked questions

What is CVE-2026-39402?: CVE-2026-39402 is a medium-severity vulnerability in Linuxcontainers Lxc, classified under Incorrect Authorization. CVSS score: 6.5/10. Published 2026-05-05.
How severe is CVE-2026-39402?: Medium severity. CVSS v3 base score is 6.5 out of 10.