canonical cloud-init Vulnerabilities: CVEs, CISA KEV & Security Advisories

Severity and exploitation

How the CVSS severity of canonical cloud-init's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical0

High1

Medium5

Low0

3 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

None of canonical cloud-init's CVEs are currently listed in CISA's KEV catalog.

Public exploits

No canonical cloud-init CVEs currently have a tracked public exploit.

Affected versions and CVEs

Browse every canonical cloud-init version named in a CVE, then pick one to see only the CVEs that affect it.

Find a version

9 CVEs

Sort

Medium vulnerability · 2025-06-26
CVE-2024-11584
Patch
CWE-732
Medium · CVSS 5.9
EPSS 0.1% (27th pct)2025-06-26
High vulnerability · 2025-06-26
CVE-2024-6174
Patch
CWE-287
High · CVSS 8.8
EPSS 0.1% (32th pct)2025-06-26
Medium vulnerability · 2023-04-26
CVE-2023-1786
Patch
CWE-532
Medium · CVSS 5.5
EPSS 0.0% (13th pct)2023-04-26
Medium vulnerability · 2023-04-19
CVE-2022-2084
Patch
CWE-532
Medium · CVSS 5.5
EPSS 0.0% (8th pct)2023-04-19
Medium vulnerability · 2023-04-19
CVE-2021-3429
Patch
CWE-532
Medium · CVSS 5.5
EPSS 0.1% (19th pct)2023-04-19
Vulnerability · 2020-02-05
CVE-2020-8632
Unscored
EPSS 0.1% (27th pct)2020-02-05
Vulnerability · 2020-02-05
CVE-2020-8631
Unscored
EPSS 0.1% (29th pct)2020-02-05
Vulnerability · 2019-11-25
CVE-2012-6639
Patch
Unscored
EPSS 1.1% (79th pct)2019-11-25
Medium vulnerability · 2018-08-01
CVE-2018-10896
Patch
CWE-321
Medium · CVSS 4.6
EPSS 0.1% (30th pct)2018-08-01

Severity and exploitation