CVE-2026-33542

Medium CVSS: 5.7

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker controlled images rather than the expected one. Version 6.23.0 patches the issue.

Vendor

Linuxcontainers

Product

Incus

CWE

CWE-295

Yayın Tarihi

2026-03-26 23:16:20

Güncelleme

2026-03-30 18:48:50

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-295 Incus MEDIUM Linuxcontainers 2026

Referanslar

https://github.com/lxc/incus/security/advisories/GHSA-p8mm-23gg-jc9r

Benzer Kayıtlar

High

CVE-2026-33898

Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by `incus webui…

Critical

CVE-2026-33945

Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to system…

Medium

CVE-2026-33711

Incus is a system container and virtual machine manager. Incus provides an API to retrieve VM screenshots. That API reli…

Medium

CVE-2026-33743

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket bac…

Critical

CVE-2026-33897

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to…

High

CVE-2026-23953

Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch…