GHSA-98VH-X9CX-9CFP Incus is affected by unbounded binary import disk exhaustion

Summary Uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using storage.imagesvolume and storage.backupsvolume as those users will have large uploads be stored on those...

SUSE CVE-2026-32606

IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the...

GO-2026-4704 IncusOS has a LUKS encryption bypass due to insufficient TPM policy in github.com/lxc/incus-os/incus-osd

IncusOS has a LUKS encryption bypass due to insufficient TPM policy in github.com/lxc/incus-os/incus-osd...

CVE-2026-32606

IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the...

CVE-2026-32606 IncusOS has a LUKS encryption bypass due to insufficient TPM policy

IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the...

CVE-2026-32606 IncusOS has a LUKS encryption bypass due to insufficient TPM policy

IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the...

CVE-2026-32606

IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the...

CVE-2026-32606

CVE-2026-32606 affects IncusOS (immutable OS image) where, prior to 202603142010, systemd-cryptenroll TPM-based LUKS key release can occur if PCR7/PCR11 conditions are met, allowing physical attackers to substitute the root partition, boot with a recovery key, and retrieve the LUKS master key via...

IncusOS 安全漏洞

IncusOS is an immutable operating system image developed for container management platforms, based on the LXC open source framework. Previous versions of IncusOS 202603142010 contained security vulnerabilities. These vulnerabilities stemmed from a default configuration that allowed physical acces...

IncusOS has a LUKS encryption bypass due to insufficient TPM policy

The default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the system's owner or any tampering of Secure Boot state or kernel UKI boot image. That's...

GHSA-WJ2J-QWCF-CFCC IncusOS has a LUKS encryption bypass due to insufficient TPM policy

The default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the system's owner or any tampering of Secure Boot state or kernel UKI boot image. That's...

PT-2026-25845

Name of the Vulnerable Software and Affected Versions IncusOS versions prior to 202603142010 Description The default configuration of systemd-cryptenroll, as used by IncusOS through mkosi, allows an attacker with physical access to the machine to access encrypted data without requiring interactio...

CVE-2026-23954

Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image e.g a member of the ‘incus’ group to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file...

CVE-2026-23954

Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image e.g a member of the ‘incus’ group to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file...

CVE-2026-23954

Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image e.g a member of the ‘incus’ group to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file...

CVE-2026-23954

Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image e.g a member of the ‘incus’ group to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file...

GHSA-7F67-CRQM-JGH7 Incus container image templating arbitrary host file read and write

Summary A user with the ability to launch a container with a custom image e.g a member of the ‘incus’ group can use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file read, and host arbitrary file write, ultimately resulting in arbitrary command...