canonical multipass Vulnerabilities: CVEs, CISA KEV & Security Advisories

Severity and exploitation

How the CVSS severity of canonical multipass's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical0

High5

Medium0

Low0

In CISA’s Known Exploited Vulnerabilities catalog

None of canonical multipass's CVEs are currently listed in CISA's KEV catalog.

Public exploits

2 of canonical multipass's CVEs have a known public exploit available.

Affected versions and CVEs

Browse every canonical multipass version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

2017.2.12 CVEs
2017.2.32 CVEs
2018.10.12 CVEs
2018.11.1-pre12 CVEs
2018.11.1-pre22 CVEs
2018.11.1-pre32 CVEs
2018.12.12 CVEs
2018.12.1-rc12 CVEs
2018.12.1-rc22 CVEs
2018.2.12 CVEs
2018.4.12 CVEs
2018.4.22 CVEs
2018.6.12 CVEs
v0.10.02 CVEs
v0.10.0-dev2 CVEs
v0.10.0-rc2 CVEs
v0.10.1-rc2 CVEs
v0.11.0-dev2 CVEs
v0.52 CVEs
v0.6.02 CVEs
v0.6.0-dev2 CVEs
v0.6.0-pre12 CVEs
v0.6.0-rc2 CVEs
v0.6.12 CVEs
v0.6.1-rc2 CVEs
v0.7.02 CVEs
v0.7.0-dev2 CVEs
v0.7.0-dev22 CVEs
v0.7.0-rc2 CVEs
v0.7.12 CVEs
v0.7.1-rc2 CVEs
v0.8.02 CVEs
v0.8.0-dev2 CVEs
v0.8.0-rc2 CVEs
v0.8.12 CVEs
v0.9.02 CVEs
v0.9.0-dev2 CVEs
v0.9.0-rc2 CVEs
v1.0.02 CVEs
v1.0.12 CVEs
v1.0.1-rc2 CVEs
v1.0.22 CVEs
v1.0.2-rc2 CVEs
v1.1.02 CVEs
v1.1.0-dev2 CVEs
v1.1.0-rc2 CVEs
v1.2.02 CVEs
v1.2.0-dev2 CVEs
v1.2.0-rc2 CVEs
v1.2.12 CVEs
v1.3.02 CVEs
v1.3.0-dev2 CVEs
v1.3.0-rc2 CVEs
v1.4.02 CVEs
v1.4.0-dev2 CVEs
v1.4.0-rc2 CVEs
v1.5.02 CVEs
v1.5.0-dev2 CVEs
v1.5.0-rc2 CVEs
v1.6.02 CVEs
v1.6.0-dev2 CVEs
v1.6.0-rc2 CVEs
v1.6.12 CVEs
v1.6.22 CVEs
v1.6.2-rc2 CVEs
v1.7.02 CVEs
v1.7.0-dev2 CVEs
v1.7.0-rc2 CVEs
v1.10.01 CVE
v1.10.0-dev1 CVE
v1.10.0-rc1 CVE
v1.10.11 CVE
v1.11.01 CVE
v1.11.0-dev1 CVE
v1.11.0-rc1 CVE
v1.11.1-rc1 CVE
v1.12.01 CVE
v1.12.0-dev1 CVE
v1.12.0-rc1 CVE
v1.13.0-dev1 CVE
v1.13.0-rc1 CVE
v1.14.01 CVE
v1.14.0-dev1 CVE
v1.14.0-rc1 CVE
v1.14.0-rc11 CVE
v1.14.0-rc21 CVE
v1.14.0-rc51 CVE
v1.14.0-rc61 CVE
v1.14.0-rc71 CVE
v1.14.11 CVE
v1.14.1-rc11 CVE
v1.15.0-dev1 CVE
v1.15.0-rc11 CVE
v1.7.11 CVE
v1.7.1-rc1 CVE
v1.7.21 CVE
v1.7.2-rc1 CVE
v1.8.01 CVE
v1.8.0-dev1 CVE
v1.8.0-rc1 CVE
v1.8.11 CVE
v1.9.01 CVE
v1.9.0-dev1 CVE
v1.9.0-rc1 CVE
v1.9.11 CVE
v1.9.1-rc1 CVE
v1.9.21 CVE

Fixed in

1.16.32 CVEs
1.16.01 CVE
1.7.01 CVE
1.7.21 CVE
62fdeed7c43881e918c23a7bd6697d9ac0bbbf051 CVE
6c4b8b4f23462a58c81b708808782e682627bf9b1 CVE
845ea4a19d2af5a771ba5c0595a639c9542457bf1 CVE

Find a version

5 CVEs

Sort

Local Privilege Escalation in Canonical Multipass
CVE-2026-49237
Patch
CWE-276
High · CVSS 7.8
EPSS 0.0% (2th pct)2026-05-28
SFTP Server VM Escape in Canonical Multipass
CVE-2026-49238
Public exploit
Patch
CWE-22
High · CVSS 8.4
EPSS 0.0% (7th pct)2026-05-28
LPE on Multipass for macOS
CVE-2025-5199
Public exploit
Patch
CWE-276
High · CVSS 7.3
EPSS 0.0% (14th pct)2025-07-11
High vulnerability · 2021-10-01
CVE-2021-3747
Patch
CWE-732
High · CVSS 8.8
EPSS 0.0% (12th pct)2021-10-01
High vulnerability · 2021-10-01
CVE-2021-3626
Patch
CWE-284
High · CVSS 8.8
EPSS 0.0% (15th pct)2021-10-01

Severity and exploitation

canonical multipass Vulnerabilities

Overview

Severity and exploitation

Affected versions and CVEs

Specific versions

Fixed in

Common weakness types

Disclosure activity by year

Other canonical products

Frequently asked questions

How many CVEs does canonical multipass have?

How many canonical multipass CVEs are in CISA KEV?

Are there public exploits for canonical multipass vulnerabilities?

Which versions of canonical multipass are affected?

What are the most common weakness types in canonical multipass CVEs?

What is the average severity of canonical multipass CVEs?

References

Track canonical multipass vulnerabilities