SUSE CVE-2026-33897

🗓️ 28 Mar 2026 00:24:27Reported by Suse CVEType

susecve

susecve🔗 www.suse.com👁 2 Views

Incus prior to version 6.23.0 allowed root read and write on the host via pongo2 templates by skipping chroot, now patched.

Reporter	Title	Published	Views	Family All 44
ATTACKERKB	CVE-2026-33897	26 Mar 202622:43	–	attackerkb
AlpineLinux	CVE-2026-33897	26 Mar 202622:43	–	alpinelinux
Circl	CVE-2026-33897	26 Mar 202623:18	–	circl
CNNVD	Incus 安全漏洞	26 Mar 202600:00	–	cnnvd
CVE	CVE-2026-33897	26 Mar 202622:43	–	cve
Cvelist	CVE-2026-33897 Incus vulnerable to arbitrary file read and write through pongo templates	26 Mar 202622:43	–	cvelist
Debian	[BSA-129] Security Update for incus	30 Mar 202612:51	–	debian
Debian	[SECURITY] [DSA 6188-1] lxd security update	31 Mar 202620:52	–	debian
Debian CVE	CVE-2026-33897	26 Mar 202622:43	–	debiancve
Tenable Nessus	Debian dsa-6188 : golang-github-canonical-lxd-dev - security update	1 Apr 202600:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
OpenSUSE Tumbleweed	–	any	incus	6.23-1.1	incus-6.23-1.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	incus-bash-completion	6.23-1.1	incus-bash-completion-6.23-1.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	incus-fish-completion	6.23-1.1	incus-fish-completion-6.23-1.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	incus-tools	6.23-1.1	incus-tools-6.23-1.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	incus-zsh-completion	6.23-1.1	incus-zsh-completion-6.23-1.1.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2026-33897
suse	www.suse.com/support/security/rating/
bugzilla	www.bugzilla.suse.com/1260935

25 Jun 2026 02:23Current

6Medium risk

Vulners AI Score6

CVSS 3.18.8

EPSS0.00481

incus pongo2 templates chroot isolation host filesystem root access cve 2026 33897