Comment 3 for bug 1884341

Etienne CHAMPETIER (champtar) wrote:

I reported the same issue to the LXD team, and they should push a fix today (drop everything that is not arp/ip/ip6). They will keep the security details under embargo until you are ready (or say that you are not affected).

For the severity, I believe that using DHCP spoofing, you should be able to impersonate the metadata service at http://169.254.169.254 and inject your SSH keys into other instances on boot.