Affected by GO-2025-3999 and 3 other vulnerabilities

GO-2025-3999: Privilege Escalation via WebSocket Connection Hijacking in Operations API in github.com/canonical/lxd

GO-2025-4003: CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI in github.com/canonical/lxd

GO-2025-4121: LXD vulnerable to a local privilege escalation through custom storage volumes in lxd in github.com/canonical/lxd

GO-2026-4595: Non-recursive certificate listing bypasses per-object authorization and leaks all fingerprints in github.com/canonical/lxd

callhook

package

v0.0.0-...-d92c1f5 Latest Latest Go to latest Published: Mar 12, 2026 License: AGPL-3.0 Imports: 8 Imported by: 0

Details

This section is empty.

This section is empty.

func HandleContainerHook(lxdPath string, projectName string, instanceRef string, hook string) error

HandleContainerHook passes the callhook request to the LXD server via the UNIX socket.

func ParseArgs(args []string) (lxdPath string, projectName string, instanceRef string, hook string, cdiHooksFiles []string, err error)

ParseArgs parses callhook request into constituent parts.

This section is empty.