CVE-2026-33743

Medium CVSS: 6.5

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by an user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a denial of service of the control plane API. This does not impact any running workload, existing containers and virtual machines will keep operating. Version 6.23.0 fixes the issue.

Vendor

Linuxcontainers

Product

Incus

CWE

CWE-770

Yayın Tarihi

2026-03-26 23:16:20

Güncelleme

2026-03-30 18:54:51

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-770 Incus MEDIUM Linuxcontainers 2026

Referanslar

https://github.com/lxc/incus/security/advisories/GHSA-vg76-xmhg-j5x3 https://github.com/lxc/incus/security/advisories/GHSA-vg76-xmhg-j5x3

Benzer Kayıtlar

High

CVE-2026-33898

Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by `incus webui…

Critical

CVE-2026-33945

Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to system…

Medium

CVE-2026-33542

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fing…

Medium

CVE-2026-33711

Incus is a system container and virtual machine manager. Incus provides an API to retrieve VM screenshots. That API reli…

Critical

CVE-2026-33897

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to…

High

CVE-2026-23953

Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch…