Linuxcontainers

Incus

18 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2026-41685

Exploit
  • EPSS 0.05%
  • Veröffentlicht 07.05.2026 13:09:34
  • Zuletzt bearbeitet 07.05.2026 19:50:49

Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited fo...

6.5

CVE-2026-41684

Exploit
  • EPSS 0.07%
  • Veröffentlicht 07.05.2026 13:08:12
  • Zuletzt bearbeitet 07.05.2026 19:51:01

Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo() trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == ...

5

CVE-2026-41648

Exploit
  • EPSS 0.05%
  • Veröffentlicht 07.05.2026 13:05:42
  • Zuletzt bearbeitet 07.05.2026 19:51:19

Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for an authenticated user to provi...

6.5

CVE-2026-41647

Exploit
  • EPSS 0.05%
  • Veröffentlicht 07.05.2026 13:02:15
  • Zuletzt bearbeitet 07.05.2026 19:52:13

Incus is a system container and virtual machine manager. Prior to version 7.0.0, a missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a truncated storage bucket backup file. This issue has been...

6.5

CVE-2026-40251

Exploit
  • EPSS 0.05%
  • Veröffentlicht 06.05.2026 20:40:10
  • Zuletzt bearbeitet 07.05.2026 17:06:42

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. ...

4.8

CVE-2026-40243

Exploit
  • EPSS 0.03%
  • Veröffentlicht 06.05.2026 20:38:22
  • Zuletzt bearbeitet 08.05.2026 17:23:38

Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database. The OVN client implementations disable Go standar...

6.5

CVE-2026-40197

Exploit
  • EPSS 0.05%
  • Veröffentlicht 06.05.2026 20:36:24
  • Zuletzt bearbeitet 07.05.2026 17:06:55

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. ...

6.5

CVE-2026-40195

Exploit
  • EPSS 0.05%
  • Veröffentlicht 06.05.2026 20:33:34
  • Zuletzt bearbeitet 07.05.2026 17:07:08

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. ...

5

CVE-2026-35527

Exploit
  • EPSS 0.03%
  • Veröffentlicht 05.05.2026 21:16:22
  • Zuletzt bearbeitet 07.05.2026 17:06:30

Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD request to a user-supplied URL before validating the request against project restrictions such as restricted.imag...

9.6

CVE-2026-33945

  • EPSS 0.03%
  • Veröffentlicht 26.03.2026 23:27:45
  • Zuletzt bearbeitet 01.04.2026 16:08:28

Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is handled through a shared directory. Prior to version 6.23.0, an attacker can set a configu...