Vulnerability in Lxc Incus

CVE-2026-33711

Incus is a system container and virtual machine manager. Incus provides an API to retrieve VM screenshots. That API relies on the use of a temporary file for QEMU to write the screenshot to which is then picked up and sent to the user prio…

EPSS: 0.000 (0.3th percentile) — read the EPSS interpretation.

Affected products

Lxc Incus — versions < 6.23.0

Weakness classification (CWE)

CWE-61 — UNIX Symbolic Link (Symlink) Following

References

https://github.com/lxc/incus/security/advisories/GHSA-q9vp-3wcg-8p4x (x_refsource_CONFIRM)