GO-2026-4882 Incus does not verify combined fingerprint when downloading images from simplestreams servers in github.com/lxc/incus

Incus does not verify combined fingerprint when downloading images from simplestreams servers in github.com/lxc/incus...

Incus does not verify combined fingerprint when downloading images from simplestreams servers

...

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value inadequate validation of the combined fingerprint during image downloads from simplestreams servers. An attacker can cause users to deploy malicious images by providing manipulated image file...

Incus does not verify combined fingerprint when downloading images from simplestreams servers

Summary A lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker controlled images rather than the expected one. Details Incus image...

CVE-2026-33542

A flaw was found in Incus, a system container and virtual machine manager. A remote attacker could exploit a lack of validation of image fingerprints when downloading from simplestreams image servers. This vulnerability, under specific conditions, could lead to image cache poisoning, allowing an...

CVE-2026-33542

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker...

CVE-2026-33542 Incus does not verify combined fingerprint when downloading images from simplestreams servers

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker...

CVE-2026-33542

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker...

PT-2026-28494

Name of the Vulnerable Software and Affected Versions Incus versions prior to 6.23.0 Description Incus lacks validation of the image fingerprint when downloading from simplestreams image servers. This can lead to image cache poisoning, potentially allowing an attacker to provide a compromised ima...