Canonical Multipass
5 CVEs affecting Canonical Multipass. Latest disclosed: 2026-05-28. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-3747 | High | 8.8 | 2021-10-01 | The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner. |
| CVE-2021-3626 | High | 8.8 | 2021-10-01 | The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating sys… |
| CVE-2026-49238 | High | 8.4 | 2026-05-28 | An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component (sshfs_server), which executes with root privileges o… |
| CVE-2026-49237 | High | 7.8 | 2026-05-28 | An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 up… |
| CVE-2025-5199 | High | 7.3 | 2025-07-11 | In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying fi… |