
incus — Vulnerabilities & Security Advisories 20

All 20 CVE vulnerabilities found in incus, with AI-generated Chinese analysis, references, and POCs.

Vendor: lxc

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-41685 | Incus: Unbounded binary import disk exhaustion | CWE-770 | 4.3 | Medium | 2026-05-07 |
| CVE-2026-41684 | Incus: Nil Dereferences on Restore via Malformed YAML | CWE-476 | 6.5 | Medium | 2026-05-07 |
| CVE-2026-41648 | Incus: Unbounded YAML Metadata Decode via Parsing | CWE-770 | 6.5 (AI) | Medium (AI) | 2026-05-07 |
| CVE-2026-41647 | Incus: Nil-Pointer Dereference via S3 Bucket Import | CWE-476 | 6.5 | Medium | 2026-05-07 |
| CVE-2026-40251 | Incus out-of-bounds panic in snapshot metadata handling allows denial of service | CWE-129 | 6.5 (AI) | Medium (AI) | 2026-05-06 |
| CVE-2026-40243 | Incus OVN TLS verification accepts peer-supplied roots and permits endpoint impersonation | CWE-295 | 9.1 (AI) | Critical (AI) | 2026-05-06 |
| CVE-2026-40197 | Incus nil-pointer dereference in custom volume import allows denial of service | CWE-476 | 6.5 (AI) | Medium (AI) | 2026-05-06 |
| CVE-2026-40195 | Incus nil-pointer dereference in storage bucket import allows denial of service | CWE-476 | 6.5 (AI) | Medium (AI) | 2026-05-06 |
| CVE-2026-35527 | Incus blind SSRF via image import preflight HEAD request | CWE-918 | - | - | 2026-05-05 |
| CVE-2026-33945 | Arbitrary file write through systemd-creds option | CWE-22 | 10.0 | Critical | 2026-03-26 |
| CVE-2026-33898 | Local Incus UI web server vulnerable to authentication bypass | CWE-287 | 8.8 | High | 2026-03-26 |
| CVE-2026-33897 | Incus vulnerable to arbitrary file read and write through pongo templates | CWE-1336 | 10.0 | Critical | 2026-03-26 |
| CVE-2026-33743 | Incus vulnerable to denial of service through crafted bucket backup file | CWE-770 | 6.5 | Medium | 2026-03-26 |
| CVE-2026-33711 | Incus vulnerable to local privilege escalation through VM screenshot path | CWE-61 | - | - | 2026-03-26 |
| CVE-2026-33542 | Incus does not verify combined fingerprint when downloading images from simplestreams servers | CWE-295 | 7.1 | - | 2026-03-26 |
| CVE-2026-23954 | Incus container image templating arbitrary host file read and write | CWE-22 | 8.7 | High | 2026-01-22 |
| CVE-2026-23953 | Incus container environment configuration newline injection | CWE-93 | 8.7 | High | 2026-01-22 |
| CVE-2025-64507 | Incus vulnerable to local privilege escalation through custom storage volumes | CWE-269 | 8.8 | - | 2025-11-10 |
| CVE-2025-52890 | Incus vulnerable to antispoofing nftables firewall rule bypass on bridge networks with ACLs | CWE-863 | 8.1 | High | 2025-06-25 |
| CVE-2025-52889 | Incus vulnerable to DoS through antispoofing nftables firewall rule bypass on bridge networks with ACLs | CWE-770 | 3.4 | Low | 2025-06-25 |

All 20 known CVE vulnerabilities affecting incus with full Chinese analysis, references, and POCs where available.