Search criteria
9 vulnerabilities found for incus by linuxcontainers
FKIE_CVE-2026-23953
Vulnerability from fkie_nvd - Published: 2026-01-22 22:16 - Updated: 2026-01-30 17:28
Severity ?
Summary
Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration (e.g a member of the ‘incus’ group) can create an environment variable containing newlines, which can be used to add additional configuration items in the container’s lxc.conf due to newline injection. This can allow adding arbitrary lifecycle hooks, ultimately resulting in arbitrary command execution on the host. Exploiting this issue on IncusOS requires a slight modification of the payload to change to a different writable directory for the validation step (e.g /tmp). This can be confirmed with a second container with /tmp mounted from the host (A privileged action for validation only). A fix is planned for versions 6.0.6
and 6.21.0, but they have not been released at the time of publication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxcontainers | incus | * | |
| linuxcontainers | incus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxcontainers:incus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF87DBE-86FF-4E74-8086-AE3360A94C71",
"versionEndIncluding": "6.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxcontainers:incus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47AA575C-385C-4C34-8CC0-F370EC4ED7B4",
"versionEndExcluding": "6.21.0",
"versionStartIncluding": "6.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration (e.g a member of the \u2018incus\u2019 group) can create an environment variable containing newlines, which can be used to add additional configuration items in the container\u2019s lxc.conf due to newline injection. This can allow adding arbitrary lifecycle hooks, ultimately resulting in arbitrary command execution on the host. Exploiting this issue on IncusOS requires a slight modification of the payload to change to a different writable directory for the validation step (e.g /tmp). This can be confirmed with a second container with /tmp mounted from the host (A privileged action for validation only). A fix is planned for versions 6.0.6\nand 6.21.0, but they have not been released at the time of publication."
}
],
"id": "CVE-2026-23953",
"lastModified": "2026-01-30T17:28:45.740",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 5.8,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-01-22T22:16:20.673",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L1081"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/lxc/incus/security/advisories/GHSA-x6jc-phwx-hp32"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit"
],
"url": "https://github.com/user-attachments/files/24473682/environment_newline_injection.sh"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/user-attachments/files/24473685/environment_newline_injection.patch"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-93"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2026-23954
Vulnerability from fkie_nvd - Published: 2026-01-22 22:16 - Updated: 2026-01-30 17:28
Severity ?
Summary
Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the ‘incus’ group) to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file read, and host arbitrary file write. This ultimately results in arbitrary command execution on the host. When using an image with a metadata.yaml containing templates, both the source and target paths are not checked for symbolic links or directory traversal. This can also be exploited in IncusOS. A fix is planned for versions 6.0.6 and 6.21.0, but they have not been released at the time of publication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxcontainers | incus | * | |
| linuxcontainers | incus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxcontainers:incus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF87DBE-86FF-4E74-8086-AE3360A94C71",
"versionEndIncluding": "6.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxcontainers:incus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47AA575C-385C-4C34-8CC0-F370EC4ED7B4",
"versionEndExcluding": "6.21.0",
"versionStartIncluding": "6.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the \u2018incus\u2019 group) to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file read, and host arbitrary file write. This ultimately results in arbitrary command execution on the host. When using an image with a metadata.yaml containing templates, both the source and target paths are not checked for symbolic links or directory traversal. This can also be exploited in IncusOS. A fix is planned for versions 6.0.6 and 6.21.0, but they have not been released at the time of publication."
}
],
"id": "CVE-2026-23954",
"lastModified": "2026-01-30T17:28:49.473",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 5.8,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-01-22T22:16:20.833",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L7215"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L7294"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/lxc/incus/security/advisories/GHSA-7f67-crqm-jgh7"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit"
],
"url": "https://github.com/user-attachments/files/24473599/template_arbitrary_write.sh"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/user-attachments/files/24473601/templates_arbitrary_write.patch"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-64507
Vulnerability from fkie_nvd - Published: 2025-11-10 22:15 - Updated: 2025-12-29 16:29
Severity ?
Summary
Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the `security.shifted` property set to `true` as well as access to the host as an unprivileged user. The most common case for this would be systems using `incus-user` with the less privileged `incus` group to provide unprivileged users with an isolated restricted access to Incus. Such users may be able to create a custom storage volume with the necessary property (depending on kernel and filesystem support) and can then write a setuid binary from within the container which can be executed as an unprivileged user on the host to gain root privileges. A patch for this issue is expected in versions 6.0.6 and 6.19.0. As a workaround, permissions can be manually restricted until a patched version of Incus is deployed.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/lxc/incus/issues/2641 | Exploit, Issue Tracking, Patch | |
| security-advisories@github.com | https://github.com/lxc/incus/pull/2642 | Exploit, Issue Tracking, Patch | |
| security-advisories@github.com | https://github.com/lxc/incus/security/advisories/GHSA-56mx-8g9f-5crf | Exploit, Vendor Advisory, Patch | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/lxc/incus/issues/2641 | Exploit, Issue Tracking, Patch |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxcontainers | incus | * | |
| linuxcontainers | incus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxcontainers:incus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22A65942-B80B-4A93-ADF9-AF639CE3C1BE",
"versionEndExcluding": "6.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxcontainers:incus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6264E25B-FC10-461A-81EC-73D30BE1858E",
"versionEndExcluding": "6.19.0",
"versionStartIncluding": "6.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the `security.shifted` property set to `true` as well as access to the host as an unprivileged user. The most common case for this would be systems using `incus-user` with the less privileged `incus` group to provide unprivileged users with an isolated restricted access to Incus. Such users may be able to create a custom storage volume with the necessary property (depending on kernel and filesystem support) and can then write a setuid binary from within the container which can be executed as an unprivileged user on the host to gain root privileges. A patch for this issue is expected in versions 6.0.6 and 6.19.0. As a workaround, permissions can be manually restricted until a patched version of Incus is deployed."
},
{
"lang": "es",
"value": "Incus es un gestor de contenedores de sistema y m\u00e1quinas virtuales. Un problema en versiones anteriores a la 6.0.6 y 6.19.0 afecta a cualquier usuario de Incus en un entorno donde un usuario sin privilegios puede tener acceso root a un contenedor con un volumen de almacenamiento personalizado adjunto que tiene la propiedad \u0027security.shifted\u0027 establecida en \u0027true\u0027, as\u00ed como acceso al host como usuario sin privilegios. El caso m\u00e1s com\u00fan para esto ser\u00edan los sistemas que utilizan \u0027incus-user\u0027 con el grupo \u0027incus\u0027 menos privilegiado para proporcionar a los usuarios sin privilegios un acceso restringido y aislado a Incus. Dichos usuarios pueden ser capaces de crear un volumen de almacenamiento personalizado con la propiedad necesaria (dependiendo del soporte del kernel y del sistema de archivos) y luego pueden escribir un binario setuid desde dentro del contenedor que puede ser ejecutado como un usuario sin privilegios en el host para obtener privilegios de root. Se espera un parche para este problema en las versiones 6.0.6 y 6.19.0. Como soluci\u00f3n alternativa, los permisos pueden ser restringidos manualmente hasta que se implemente una versi\u00f3n parcheada de Incus."
}
],
"id": "CVE-2025-64507",
"lastModified": "2025-12-29T16:29:38.553",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-11-10T22:15:39.460",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
],
"url": "https://github.com/lxc/incus/issues/2641"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
],
"url": "https://github.com/lxc/incus/pull/2642"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory",
"Patch"
],
"url": "https://github.com/lxc/incus/security/advisories/GHSA-56mx-8g9f-5crf"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
],
"url": "https://github.com/lxc/incus/issues/2641"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2026-23954 (GCVE-0-2026-23954)
Vulnerability from cvelistv5 – Published: 2026-01-22 21:45 – Updated: 2026-01-26 21:02
VLAI?
Title
Incus container image templating arbitrary host file read and write
Summary
Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the ‘incus’ group) to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file read, and host arbitrary file write. This ultimately results in arbitrary command execution on the host. When using an image with a metadata.yaml containing templates, both the source and target paths are not checked for symbolic links or directory traversal. This can also be exploited in IncusOS. A fix is planned for versions 6.0.6 and 6.21.0, but they have not been released at the time of publication.
Severity ?
8.7 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23954",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-26T21:02:38.599423Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T21:02:48.738Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "incus",
"vendor": "lxc",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.1.0, \u003c= 6.20.0"
},
{
"status": "affected",
"version": "\u003c= 6.0.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the \u2018incus\u2019 group) to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file read, and host arbitrary file write. This ultimately results in arbitrary command execution on the host. When using an image with a metadata.yaml containing templates, both the source and target paths are not checked for symbolic links or directory traversal. This can also be exploited in IncusOS. A fix is planned for versions 6.0.6 and 6.21.0, but they have not been released at the time of publication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T21:45:55.696Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/lxc/incus/security/advisories/GHSA-7f67-crqm-jgh7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lxc/incus/security/advisories/GHSA-7f67-crqm-jgh7"
},
{
"name": "https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L7215",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L7215"
},
{
"name": "https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L7294",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L7294"
},
{
"name": "https://github.com/user-attachments/files/24473599/template_arbitrary_write.sh",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/user-attachments/files/24473599/template_arbitrary_write.sh"
},
{
"name": "https://github.com/user-attachments/files/24473601/templates_arbitrary_write.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/user-attachments/files/24473601/templates_arbitrary_write.patch"
}
],
"source": {
"advisory": "GHSA-7f67-crqm-jgh7",
"discovery": "UNKNOWN"
},
"title": "Incus container image templating arbitrary host file read and write"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23954",
"datePublished": "2026-01-22T21:45:55.696Z",
"dateReserved": "2026-01-19T14:49:06.312Z",
"dateUpdated": "2026-01-26T21:02:48.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23953 (GCVE-0-2026-23953)
Vulnerability from cvelistv5 – Published: 2026-01-22 21:39 – Updated: 2026-01-26 21:00
VLAI?
Title
Incus container environment configuration newline injection
Summary
Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration (e.g a member of the ‘incus’ group) can create an environment variable containing newlines, which can be used to add additional configuration items in the container’s lxc.conf due to newline injection. This can allow adding arbitrary lifecycle hooks, ultimately resulting in arbitrary command execution on the host. Exploiting this issue on IncusOS requires a slight modification of the payload to change to a different writable directory for the validation step (e.g /tmp). This can be confirmed with a second container with /tmp mounted from the host (A privileged action for validation only). A fix is planned for versions 6.0.6
and 6.21.0, but they have not been released at the time of publication.
Severity ?
8.7 (High)
CWE
- CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23953",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-26T21:00:32.625486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T21:00:46.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "incus",
"vendor": "lxc",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.1.0, \u003c= 6.20.0"
},
{
"status": "affected",
"version": "\u003c= 6.0.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration (e.g a member of the \u2018incus\u2019 group) can create an environment variable containing newlines, which can be used to add additional configuration items in the container\u2019s lxc.conf due to newline injection. This can allow adding arbitrary lifecycle hooks, ultimately resulting in arbitrary command execution on the host. Exploiting this issue on IncusOS requires a slight modification of the payload to change to a different writable directory for the validation step (e.g /tmp). This can be confirmed with a second container with /tmp mounted from the host (A privileged action for validation only). A fix is planned for versions 6.0.6\nand 6.21.0, but they have not been released at the time of publication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T21:39:41.015Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/lxc/incus/security/advisories/GHSA-x6jc-phwx-hp32",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lxc/incus/security/advisories/GHSA-x6jc-phwx-hp32"
},
{
"name": "https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L1081",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L1081"
},
{
"name": "https://github.com/user-attachments/files/24473682/environment_newline_injection.sh",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/user-attachments/files/24473682/environment_newline_injection.sh"
},
{
"name": "https://github.com/user-attachments/files/24473685/environment_newline_injection.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/user-attachments/files/24473685/environment_newline_injection.patch"
}
],
"source": {
"advisory": "GHSA-x6jc-phwx-hp32",
"discovery": "UNKNOWN"
},
"title": "Incus container environment configuration newline injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23953",
"datePublished": "2026-01-22T21:39:41.015Z",
"dateReserved": "2026-01-19T14:49:06.312Z",
"dateUpdated": "2026-01-26T21:00:46.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64507 (GCVE-0-2025-64507)
Vulnerability from cvelistv5 – Published: 2025-11-10 21:56 – Updated: 2025-11-12 20:13
VLAI?
Title
Incus vulnerable to local privilege escalation through custom storage volumes
Summary
Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the `security.shifted` property set to `true` as well as access to the host as an unprivileged user. The most common case for this would be systems using `incus-user` with the less privileged `incus` group to provide unprivileged users with an isolated restricted access to Incus. Such users may be able to create a custom storage volume with the necessary property (depending on kernel and filesystem support) and can then write a setuid binary from within the container which can be executed as an unprivileged user on the host to gain root privileges. A patch for this issue is expected in versions 6.0.6 and 6.19.0. As a workaround, permissions can be manually restricted until a patched version of Incus is deployed.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64507",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T17:35:12.213063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T20:13:48.233Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/lxc/incus/issues/2641"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "incus",
"vendor": "lxc",
"versions": [
{
"status": "affected",
"version": "\u003c 6.0.6"
},
{
"status": "affected",
"version": "\u003e= 6.1.0, \u003c 6.19.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the `security.shifted` property set to `true` as well as access to the host as an unprivileged user. The most common case for this would be systems using `incus-user` with the less privileged `incus` group to provide unprivileged users with an isolated restricted access to Incus. Such users may be able to create a custom storage volume with the necessary property (depending on kernel and filesystem support) and can then write a setuid binary from within the container which can be executed as an unprivileged user on the host to gain root privileges. A patch for this issue is expected in versions 6.0.6 and 6.19.0. As a workaround, permissions can be manually restricted until a patched version of Incus is deployed."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T21:56:26.578Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/lxc/incus/security/advisories/GHSA-56mx-8g9f-5crf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lxc/incus/security/advisories/GHSA-56mx-8g9f-5crf"
},
{
"name": "https://github.com/lxc/incus/issues/2641",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lxc/incus/issues/2641"
},
{
"name": "https://github.com/lxc/incus/pull/2642",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lxc/incus/pull/2642"
}
],
"source": {
"advisory": "GHSA-56mx-8g9f-5crf",
"discovery": "UNKNOWN"
},
"title": "Incus vulnerable to local privilege escalation through custom storage volumes"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64507",
"datePublished": "2025-11-10T21:56:26.578Z",
"dateReserved": "2025-11-05T21:15:39.399Z",
"dateUpdated": "2025-11-12T20:13:48.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23954 (GCVE-0-2026-23954)
Vulnerability from nvd – Published: 2026-01-22 21:45 – Updated: 2026-01-26 21:02
VLAI?
Title
Incus container image templating arbitrary host file read and write
Summary
Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the ‘incus’ group) to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file read, and host arbitrary file write. This ultimately results in arbitrary command execution on the host. When using an image with a metadata.yaml containing templates, both the source and target paths are not checked for symbolic links or directory traversal. This can also be exploited in IncusOS. A fix is planned for versions 6.0.6 and 6.21.0, but they have not been released at the time of publication.
Severity ?
8.7 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23954",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-26T21:02:38.599423Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T21:02:48.738Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "incus",
"vendor": "lxc",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.1.0, \u003c= 6.20.0"
},
{
"status": "affected",
"version": "\u003c= 6.0.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the \u2018incus\u2019 group) to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file read, and host arbitrary file write. This ultimately results in arbitrary command execution on the host. When using an image with a metadata.yaml containing templates, both the source and target paths are not checked for symbolic links or directory traversal. This can also be exploited in IncusOS. A fix is planned for versions 6.0.6 and 6.21.0, but they have not been released at the time of publication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T21:45:55.696Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/lxc/incus/security/advisories/GHSA-7f67-crqm-jgh7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lxc/incus/security/advisories/GHSA-7f67-crqm-jgh7"
},
{
"name": "https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L7215",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L7215"
},
{
"name": "https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L7294",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L7294"
},
{
"name": "https://github.com/user-attachments/files/24473599/template_arbitrary_write.sh",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/user-attachments/files/24473599/template_arbitrary_write.sh"
},
{
"name": "https://github.com/user-attachments/files/24473601/templates_arbitrary_write.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/user-attachments/files/24473601/templates_arbitrary_write.patch"
}
],
"source": {
"advisory": "GHSA-7f67-crqm-jgh7",
"discovery": "UNKNOWN"
},
"title": "Incus container image templating arbitrary host file read and write"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23954",
"datePublished": "2026-01-22T21:45:55.696Z",
"dateReserved": "2026-01-19T14:49:06.312Z",
"dateUpdated": "2026-01-26T21:02:48.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23953 (GCVE-0-2026-23953)
Vulnerability from nvd – Published: 2026-01-22 21:39 – Updated: 2026-01-26 21:00
VLAI?
Title
Incus container environment configuration newline injection
Summary
Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration (e.g a member of the ‘incus’ group) can create an environment variable containing newlines, which can be used to add additional configuration items in the container’s lxc.conf due to newline injection. This can allow adding arbitrary lifecycle hooks, ultimately resulting in arbitrary command execution on the host. Exploiting this issue on IncusOS requires a slight modification of the payload to change to a different writable directory for the validation step (e.g /tmp). This can be confirmed with a second container with /tmp mounted from the host (A privileged action for validation only). A fix is planned for versions 6.0.6
and 6.21.0, but they have not been released at the time of publication.
Severity ?
8.7 (High)
CWE
- CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23953",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-26T21:00:32.625486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T21:00:46.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "incus",
"vendor": "lxc",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.1.0, \u003c= 6.20.0"
},
{
"status": "affected",
"version": "\u003c= 6.0.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration (e.g a member of the \u2018incus\u2019 group) can create an environment variable containing newlines, which can be used to add additional configuration items in the container\u2019s lxc.conf due to newline injection. This can allow adding arbitrary lifecycle hooks, ultimately resulting in arbitrary command execution on the host. Exploiting this issue on IncusOS requires a slight modification of the payload to change to a different writable directory for the validation step (e.g /tmp). This can be confirmed with a second container with /tmp mounted from the host (A privileged action for validation only). A fix is planned for versions 6.0.6\nand 6.21.0, but they have not been released at the time of publication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T21:39:41.015Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/lxc/incus/security/advisories/GHSA-x6jc-phwx-hp32",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lxc/incus/security/advisories/GHSA-x6jc-phwx-hp32"
},
{
"name": "https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L1081",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L1081"
},
{
"name": "https://github.com/user-attachments/files/24473682/environment_newline_injection.sh",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/user-attachments/files/24473682/environment_newline_injection.sh"
},
{
"name": "https://github.com/user-attachments/files/24473685/environment_newline_injection.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/user-attachments/files/24473685/environment_newline_injection.patch"
}
],
"source": {
"advisory": "GHSA-x6jc-phwx-hp32",
"discovery": "UNKNOWN"
},
"title": "Incus container environment configuration newline injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23953",
"datePublished": "2026-01-22T21:39:41.015Z",
"dateReserved": "2026-01-19T14:49:06.312Z",
"dateUpdated": "2026-01-26T21:00:46.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64507 (GCVE-0-2025-64507)
Vulnerability from nvd – Published: 2025-11-10 21:56 – Updated: 2025-11-12 20:13
VLAI?
Title
Incus vulnerable to local privilege escalation through custom storage volumes
Summary
Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the `security.shifted` property set to `true` as well as access to the host as an unprivileged user. The most common case for this would be systems using `incus-user` with the less privileged `incus` group to provide unprivileged users with an isolated restricted access to Incus. Such users may be able to create a custom storage volume with the necessary property (depending on kernel and filesystem support) and can then write a setuid binary from within the container which can be executed as an unprivileged user on the host to gain root privileges. A patch for this issue is expected in versions 6.0.6 and 6.19.0. As a workaround, permissions can be manually restricted until a patched version of Incus is deployed.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64507",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T17:35:12.213063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T20:13:48.233Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/lxc/incus/issues/2641"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "incus",
"vendor": "lxc",
"versions": [
{
"status": "affected",
"version": "\u003c 6.0.6"
},
{
"status": "affected",
"version": "\u003e= 6.1.0, \u003c 6.19.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the `security.shifted` property set to `true` as well as access to the host as an unprivileged user. The most common case for this would be systems using `incus-user` with the less privileged `incus` group to provide unprivileged users with an isolated restricted access to Incus. Such users may be able to create a custom storage volume with the necessary property (depending on kernel and filesystem support) and can then write a setuid binary from within the container which can be executed as an unprivileged user on the host to gain root privileges. A patch for this issue is expected in versions 6.0.6 and 6.19.0. As a workaround, permissions can be manually restricted until a patched version of Incus is deployed."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T21:56:26.578Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/lxc/incus/security/advisories/GHSA-56mx-8g9f-5crf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lxc/incus/security/advisories/GHSA-56mx-8g9f-5crf"
},
{
"name": "https://github.com/lxc/incus/issues/2641",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lxc/incus/issues/2641"
},
{
"name": "https://github.com/lxc/incus/pull/2642",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lxc/incus/pull/2642"
}
],
"source": {
"advisory": "GHSA-56mx-8g9f-5crf",
"discovery": "UNKNOWN"
},
"title": "Incus vulnerable to local privilege escalation through custom storage volumes"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64507",
"datePublished": "2025-11-10T21:56:26.578Z",
"dateReserved": "2025-11-05T21:15:39.399Z",
"dateUpdated": "2025-11-12T20:13:48.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}