Canonical: >> Multipass >> 1.1.0 Security Vulnerabilities
In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-07-12
The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-10-01