Lxc Incus
20 CVEs affecting Lxc Incus. Latest disclosed: 2026-05-07. Critical: 2, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-33945 | Critical | 10.0 | 2026-03-26 | Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is… |
CVE-2026-33897 | Critical | 10.0 | 2026-03-26 | Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root… |
CVE-2026-33898 | High | 8.8 | 2026-03-26 | Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by `incus webui` incorrectly validates the authenticat… |
CVE-2026-23954 | High | 8.7 | 2026-01-22 | Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g… |
CVE-2026-23953 | High | 8.7 | 2026-01-22 | Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configu… |
CVE-2025-52890 | High | 8.1 | 2025-06-25 | Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus versions 6.12 and 6.13generates nftables ru… |
CVE-2026-41684 | Medium | 6.5 | 2026-05-07 | Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo() trusts the inline backup/index.yaml config when present and o… |
CVE-2026-41647 | Medium | 6.5 | 2026-05-07 | Incus is a system container and virtual machine manager. Prior to version 7.0.0, a missing error handling could lead an authenticated Incus user to cause a dae… |
CVE-2026-40251 | Medium | 6.5 | 2026-05-06 | Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authen… |
CVE-2026-40197 | Medium | 6.5 | 2026-05-06 | Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authen… |
CVE-2026-40195 | Medium | 6.5 | 2026-05-06 | Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authen… |
CVE-2026-33743 | Medium | 6.5 | 2026-03-26 | Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by an user with access… |
CVE-2026-41648 | Medium | 5.0 | 2026-05-07 | Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parse… |
CVE-2026-35527 | Medium | 5.0 | 2026-05-05 | Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD request to a user-supp… |
CVE-2026-40243 | Medium | 4.8 | 2026-05-06 | Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow c… |
CVE-2026-41685 | Medium | 4.3 | 2026-05-07 | Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus serve… |
CVE-2025-52889 | Low | 3.4 | 2025-06-25 | Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus version 6.12 and 6.13 generates nftables ru… |
CVE-2026-33711 | | 2026-03-26 | Incus is a system container and virtual machine manager. Incus provides an API to retrieve VM screenshots. That API relies on the use of a temporary file for Q… | |
CVE-2026-33542 | | 2026-03-26 | Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestr… | |
CVE-2025-64507 | | 2025-11-10 | Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unpri… |