Multipass

by Canonical Ltdv1.16.3

Last updated Jun 8, 2026

A lightweight VM Manager that supports cloud-deployment simulation

Install with winget

$ winget install --id Canonical.Multipass --exact --version 1.16.3

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Silent install command for Multipass

Multipass uses MSI (WiX). The silent install switches are /quiet /norestart.

One-line silent install (x64, machine scope)

msiexec.exe /i multipass-1.16.3+win-win64.msi /quiet /norestart

See the full silent install reference for Multipass →

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

About

Multipass is a lightweight VM manager for Linux, Windows and macOS.

It's designed for developers who want a fresh Ubuntu environment with a single command.

It uses KVM on Linux, Hyper-V on Windows and HyperKit on macOS to run the VM with minimal overhead.

It can also use VirtualBox on Windows and macOS.

Multipass will fetch images for you and keep them up to date.

Installers · v1.16.3

Architecture	Type	Scope	Install	Download
x64	MSI WiX	machine		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

5 known CVEs via NVD

high8.4Patched in wingetCVE-2026-49238affects before 1.16.3May 28, 2026
An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component (sshfs_server), which executes with root privileges on the host, contains a path containment bypass vulnerability within its validate_path function in src/sshfs_mount/sftp_s...
high7.8Patched in wingetCVE-2026-49237affects before 1.16.3May 28, 2026
An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries (multipass, qemu-img, qemu-s...
high7.3Patched in wingetCVE-2025-5199affects before 1.16.0Jul 11, 2025
In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup.
Patch Vendor advisory
high8.8Patched in wingetCVE-2021-3747affects before 1.7.2Sep 30, 2021
The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner.
Patch
high8.8Patched in wingetCVE-2021-3626affects before 1.7.0Sep 30, 2021
The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation.
Patch

Source: NVD, updated 4h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Related apps

Docker DesktopDocker Inc.
Docker.DockerDesktopv4.77.0
Docker Desktop is an application for macOS and Windows machines for the building and sharing of containerized applications.
Docker Desktop EdgeDocker Inc.
Docker.DockerDesktopEdgev2.5.4.50534
Docker Desktop is an application for MacOS and Windows machines for the building and sharing of containerized applications. Access Docker Desktop and follow the guided onboarding to build your first containerized application in minutes.
C
cv4pve-botgramCorsinvest Srl
Corsinvest.cv4pve.botgramv1.9.0
Telegram Bot for Proxmox VE management
Kubernetes - Minikube - A Local Kubernetes Development EnvironmentKubernetes
Kubernetes.minikubev1.38.1
minikube quickly sets up a local Kubernetes cluster on macOS, Linux, and Windows. We proudly focus on helping application developers and new Kubernetes users.
L
LazydockerJesseDuffield
JesseDuffield.Lazydockerv0.25.2
Terminal UI for both docker and docker-compose
WasmEdgeWasmEdge
WasmEdge.WasmEdgev0.16.1
WasmEdge is a lightweight, high-performance, and extensible WebAssembly runtime for cloud native, edge, and decentralized applications.

More from Canonical Ltd or browse container, multipass.

Frequently asked questions

How do I install Multipass on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id Canonical.Multipass --exact --version 1.16.3. winget downloads the installer from Canonical Ltd and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install Multipass silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id Canonical.Multipass --exact 1.16.3 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

What are the silent install switches for Multipass?

Multipass uses MSI (WiX). Run the downloaded installer with: msiexec.exe /i multipass-1.16.3+win-win64.msi /quiet /norestart. The silent switches are /quiet /norestart.

How do I uninstall Multipass via winget?

Run: winget uninstall --id Canonical.Multipass --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from Multipass's Apps & Features entry.

Is Multipass free?

Multipass is distributed under GPL-3.0. Refer to the publisher (https://github.com/canonical/multipass) for the full license terms - Wingetly itself does not charge for installation.

Does Multipass work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls Multipass directly from the publisher.

How do I keep Multipass up to date?

Run winget upgrade --id Canonical.Multipass --exact, or winget upgrade --all to update everything winget tracks. We index 10 versions of Multipass from microsoft/winget-pkgs.

Recent versions

1.16.3latest
1.16.2
1.16.1
1.16.0
1.15.1
1.14.1+win
1.14.0+win
1.13.1+win
1.13.0+win
1.12.2+win