CVE-2026-33711 Incus vulnerable to local privilege escalation through VM screenshot path

Incus is a system container and virtual machine manager. Incus provides an API to retrieve VM screenshots. That API relies on the use of a temporary file for QEMU to write the screenshot to which is then picked up and sent to the user prior to deletion. As versions prior to 6.23.0 use predictable...

PT-2026-28510

Name of the Vulnerable Software and Affected Versions Incus versions prior to 6.23.0 Description Incus, a system container and virtual machine manager, has an issue in its API for retrieving VM screenshots. This API uses a temporary file for QEMU to write the screenshot to, which is then sent to...