CVE-2026-23954 (GCVE-0-2026-23954)
Vulnerability from cvelistv5 – Published: 2026-01-22 21:45 – Updated: 2026-01-26 21:02
VLAI
EPSS
VEX
Title
Incus container image templating arbitrary host file read and write
Summary
Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the ‘incus’ group) to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file read, and host arbitrary file write. This ultimately results in arbitrary command execution on the host. When using an image with a metadata.yaml containing templates, both the source and target paths are not checked for symbolic links or directory traversal. This can also be exploited in IncusOS. A fix is planned for versions 6.0.6 and 6.21.0, but they have not been released at the time of publication.
Severity
8.7 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/lxc/incus/security/advisories/… | x_refsource_CONFIRM |
| https://github.com/lxc/incus/blob/HEAD/internal/s… | x_refsource_MISC |
| https://github.com/lxc/incus/blob/HEAD/internal/s… | x_refsource_MISC |
| https://github.com/user-attachments/files/2447359… | x_refsource_MISC |
| https://github.com/user-attachments/files/2447360… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23954",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-26T21:02:38.599423Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T21:02:48.738Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "incus",
"vendor": "lxc",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.1.0, \u003c= 6.20.0"
},
{
"status": "affected",
"version": "\u003c= 6.0.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the \u2018incus\u2019 group) to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file read, and host arbitrary file write. This ultimately results in arbitrary command execution on the host. When using an image with a metadata.yaml containing templates, both the source and target paths are not checked for symbolic links or directory traversal. This can also be exploited in IncusOS. A fix is planned for versions 6.0.6 and 6.21.0, but they have not been released at the time of publication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T21:45:55.696Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/lxc/incus/security/advisories/GHSA-7f67-crqm-jgh7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lxc/incus/security/advisories/GHSA-7f67-crqm-jgh7"
},
{
"name": "https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L7215",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L7215"
},
{
"name": "https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L7294",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L7294"
},
{
"name": "https://github.com/user-attachments/files/24473599/template_arbitrary_write.sh",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/user-attachments/files/24473599/template_arbitrary_write.sh"
},
{
"name": "https://github.com/user-attachments/files/24473601/templates_arbitrary_write.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/user-attachments/files/24473601/templates_arbitrary_write.patch"
}
],
"source": {
"advisory": "GHSA-7f67-crqm-jgh7",
"discovery": "UNKNOWN"
},
"title": "Incus container image templating arbitrary host file read and write"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23954",
"datePublished": "2026-01-22T21:45:55.696Z",
"dateReserved": "2026-01-19T14:49:06.312Z",
"dateUpdated": "2026-01-26T21:02:48.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-23954",
"date": "2026-07-10",
"epss": "0.00731",
"percentile": "0.49963"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-23954\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-01-22T22:16:20.833\",\"lastModified\":\"2026-06-17T10:22:20.753\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the \u2018incus\u2019 group) to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file read, and host arbitrary file write. This ultimately results in arbitrary command execution on the host. When using an image with a metadata.yaml containing templates, both the source and target paths are not checked for symbolic links or directory traversal. This can also be exploited in IncusOS. A fix is planned for versions 6.0.6 and 6.21.0, but they have not been released at the time of publication.\"},{\"lang\":\"es\",\"value\":\"Incus es un gestor de contenedores de sistema y m\u00e1quinas virtuales. Las versiones 6.21.0 e inferiores permiten a un usuario con la capacidad de lanzar un contenedor con una imagen personalizada (por ejemplo, un miembro del grupo \u0027incus\u0027) utilizar salto de directorio o enlaces simb\u00f3licos en la funcionalidad de plantillas para lograr la lectura arbitraria de archivos del host y la escritura arbitraria de archivos del host. Esto finalmente resulta en la ejecuci\u00f3n arbitraria de comandos en el host. Al usar una imagen con un metadata.yaml que contiene plantillas, ni las rutas de origen ni las de destino se verifican en busca de enlaces simb\u00f3licos o salto de directorio. Esto tambi\u00e9n puede ser explotado en IncusOS. Se planea una correcci\u00f3n para las versiones 6.0.6 y 6.21.0, pero no han sido lanzadas en el momento de la publicaci\u00f3n.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"lxc\",\"product\":\"incus\",\"versions\":[{\"version\":\"\u003e= 6.1.0, \u003c= 6.20.0\",\"status\":\"affected\"},{\"version\":\"\u003c= 6.0.5\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":5.8}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-01-26T21:02:38.599423Z\",\"id\":\"CVE-2026-23954\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxcontainers:incus:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.0.5\",\"matchCriteriaId\":\"0DF87DBE-86FF-4E74-8086-AE3360A94C71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxcontainers:incus:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.0\",\"versionEndExcluding\":\"6.21.0\",\"matchCriteriaId\":\"47AA575C-385C-4C34-8CC0-F370EC4ED7B4\"}]}]}],\"references\":[{\"url\":\"https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L7215\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L7294\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/lxc/incus/security/advisories/GHSA-7f67-crqm-jgh7\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/user-attachments/files/24473599/template_arbitrary_write.sh\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\"]},{\"url\":\"https://github.com/user-attachments/files/24473601/templates_arbitrary_write.patch\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]}]}}",
"redhat_vex": {
"current_release_date": "2026-06-28T07:21:32+00:00",
"cve": "CVE-2026-23954",
"id": "CVE-2026-23954",
"initial_release_date": "2026-01-22T21:45:55.696000+00:00",
"product_status:known_not_affected": "1",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "incus: container image templating arbitrary host file read and write",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23954.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-23954\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-26T21:02:38.599423Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-26T21:02:44.533Z\"}}], \"cna\": {\"title\": \"Incus container image templating arbitrary host file read and write\", \"source\": {\"advisory\": \"GHSA-7f67-crqm-jgh7\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.7, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"lxc\", \"product\": \"incus\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 6.1.0, \u003c= 6.20.0\"}, {\"status\": \"affected\", \"version\": \"\u003c= 6.0.5\"}]}], \"references\": [{\"url\": \"https://github.com/lxc/incus/security/advisories/GHSA-7f67-crqm-jgh7\", \"name\": \"https://github.com/lxc/incus/security/advisories/GHSA-7f67-crqm-jgh7\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L7215\", \"name\": \"https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L7215\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L7294\", \"name\": \"https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L7294\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/user-attachments/files/24473599/template_arbitrary_write.sh\", \"name\": \"https://github.com/user-attachments/files/24473599/template_arbitrary_write.sh\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/user-attachments/files/24473601/templates_arbitrary_write.patch\", \"name\": \"https://github.com/user-attachments/files/24473601/templates_arbitrary_write.patch\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the \\u2018incus\\u2019 group) to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file read, and host arbitrary file write. This ultimately results in arbitrary command execution on the host. When using an image with a metadata.yaml containing templates, both the source and target paths are not checked for symbolic links or directory traversal. This can also be exploited in IncusOS. A fix is planned for versions 6.0.6 and 6.21.0, but they have not been released at the time of publication.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-01-22T21:45:55.696Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-23954\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-26T21:02:48.738Z\", \"dateReserved\": \"2026-01-19T14:49:06.312Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-01-22T21:45:55.696Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…