CVE-2026-23954

Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image e.g a member of the ‘incus’ group to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file...

CVE-2026-23954 Incus container image templating arbitrary host file read and write

Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image e.g a member of the ‘incus’ group to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file...

CVE-2026-23954

Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image e.g a member of the ‘incus’ group to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file...

CVE-2026-23953

Incus CVE-2026-23953 affects versions 6.20.0 and earlier. A user able to launch a container with a crafted YAML can inject newlines via an environment variable, enabling additional lxc.conf items and potentially arbitrary command execution on the host. Exploitation requires modifying the payload ...

CVE-2026-23953 Incus container environment configuration newline injection

Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional...

CVE-2026-23953

Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional...

EUVD-2026-3804

Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional...

CVE-2026-23953 Incus container environment configuration newline injection

Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional...

CVE-2026-23953 Incus container environment configuration newline injection

Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional...

CVE-2026-23953

Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional...

Incus container image templating arbitrary host file read and write

Summary A user with the ability to launch a container with a custom image e.g a member of the ‘incus’ group can use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file read, and host arbitrary file write, ultimately resulting in arbitrary command...

Incus container environment configuration newline injection

Summary A user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional configuration items in the container’s lxc.conf due to the newline injection. This c...

Incus path traversal vulnerability

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 6.21.0 contained a path traversal vulnerability. This vulnerability stemmed from directory traversal or symbolic link issues within the template functionality, which could lead to arbitrary file...

Incus injection vulnerability

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 6.20.0 have a vulnerability that allows for injection attacks. This vulnerability stems from the ability to add arbitrary lifecycle hooks in container configurations through line breaks, potential...

Linux Distros Unpatched Vulnerability : CVE-2026-23954

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image e.g a...

Linux Distros Unpatched Vulnerability : CVE-2026-23953

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML...

PT-2026-28575

Name of the Vulnerable Software and Affected Versions Incus versions prior to 6.23.0 Description Incus is a system container and virtual machine manager. Incus instances allow providing credentials to systemd within the guest environment, managed through a shared directory for containers. Prior t...

PT-2026-28510

Name of the Vulnerable Software and Affected Versions Incus versions prior to 6.23.0 Description Incus, a system container and virtual machine manager, has an issue in its API for retrieving VM screenshots. This API uses a temporary file for QEMU to write the screenshot to, which is then sent to...

PT-2026-28561

Name of the Vulnerable Software and Affected Versions Incus versions prior to 6.23.0 Description Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server initiated by incus webui does not properly validate authentication tokens, accepting invalid values...

PT-2026-28522

Name of the Vulnerable Software and Affected Versions Incus versions prior to 6.23.0 Description Incus, a system container and virtual machine manager, contains a flaw where a specially crafted storage bucket backup can be used by a user with access to the storage bucket feature to crash the Incu...