pkg:Debian/incus

39 total CVEs: CRITICAL 5, HIGH 9, MEDIUM 16, LOW 2

All known vulnerabilities

  • CRITICAL 9.9 CVE-2026-33945: Incus has an arbitrary file write through its systemd-creds options in github.com/lxc/incus
    from 0, < 6.0.6-2
  • CRITICAL 9.9 CVE-2026-33897: Incus vulnerable to arbitrary file read and write through pongo templates in github.com/lxc/incus
    from 0, < 6.0.4-2+deb13u5
  • CRITICAL 9.1 CVE-2026-34177: LXD: VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf
    from 0, < 6.0.2-1
  • CRITICAL 9.1 CVE-2026-34178: LXD: Importing a crafted backup leads to project restriction bypass
    from 0, < 6.0.4-2+deb13u6
  • CRITICAL 9.1 CVE-2026-34179: LXD: Update of type field in restricted TLS certificate allows privilege escalation to cluster admin
    from 0, < 6.0.4-2+deb13u6
  • HIGH 8.8 CVE-2026-33898: Local Incus UI web server vulnerable to authentication bypass in github.com/lxc/incus
    from 0
  • HIGH 8.7 CVE-2026-23954: Incus container image templating arbitrary host file read and write in github.com/lxc/incus
    from 0, < 6.0.4-2+deb13u4
  • HIGH 8.7 CVE-2026-23953: Incus container environment configuration newline injection
    from 0, < 6.0.4-2+deb13u4
  • HIGH 8.7 CVE-2026-23953: Incus container environment configuration newline injection
    from 0, < 6.0.4-2+deb13u4
  • HIGH 8.3 CVE-2025-54286: Canonical LXD CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI
    from 0, < 6.0.4-2+deb13u1
  • HIGH 8.3 CVE-2025-54286: Canonical LXD CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI
    from 0, < 6.0.4-2+deb13u1
  • HIGH 7.8 CVE-2026-33711: Incus vulnerable to local privilege escalation through VM screenshot path in github.com/lxc/incus
    from 0
  • HIGH 7.8 CVE-2025-64507: Incus vulnerable to local privilege escalation through custom storage volumes
    from 0, < 6.0.4-2+deb13u2
  • HIGH 7.8 CVE-2025-64507: Incus vulnerable to local privilege escalation through custom storage volumes
    from 0, < 6.0.4-2+deb13u2
  • MEDIUM 6.8 CVE-2025-54289: Privilege Escalation via WebSocket Connection Hijacking in Operations API in github.com/canonical/lxd
    from 0, < 6.0.4-2+deb13u1
  • MEDIUM 6.5 CVE-2026-41684: Incus has Nil Dereferences on Restore via Malformed YAML
    from 0, < 6.0.4-2+deb13u7
  • MEDIUM 6.5 CVE-2026-41647: Incus has Nil-Pointer Dereference via S3 Bucket Import
    from 0, < 6.0.4-2+deb13u7
  • MEDIUM 6.5 CVE-2026-40251: Incus Vulnerable to Panic via Snapshot Bounds Check
    from 0, < 6.0.4-2+deb13u7
  • MEDIUM 6.5 CVE-2026-40197: Incus has a Nil-Pointer Dereference via Custom Volume Import
    from 0, < 6.0.4-2+deb13u7
  • MEDIUM 6.5 CVE-2026-40195: Incus has a Nil-Pointer Dereference Panic via Bucket Metadata
    from 0, < 6.0.4-2+deb13u7
  • MEDIUM 6.5 CVE-2026-33743: Incus vulnerable to denial of service through crafted bucket backup file in github.com/lxc/incus
    from 0, < 6.0.4-2+deb13u5
  • MEDIUM 6.5 CVE-2025-54287: Canonical LXD Arbitrary File Read via Template Injection in Snapshot Patterns in github.com/lxc/lxd
    from 0, < 6.0.4-2+deb13u1
  • MEDIUM 6.5 CVE-2025-54293: Canonical LXD Path Traversal Vulnerability in Instance Log File Retrieval Function in github.com/canonical/lxd
    from 0, < 6.0.4-2+deb13u1
  • MEDIUM 5.3 CVE-2025-54290: Canonical LXD Project Existence Determination Through Error Handling in Image Export Function in github.com/canonical/lxd
    from 0, < 6.0.4-2+deb13u1
  • MEDIUM 5.3 CVE-2025-54291: Canonical LXD Project Existence Determination Through Error Handling in Image Get Function in github.com/canonical/lxd
    from 0, < 6.0.4-2+deb13u1
  • MEDIUM 5.0 CVE-2026-41648: Incus has Unbounded YAML Metadata Decode via Parsing
    from 0, < 6.0.4-2+deb13u7
  • MEDIUM 4.8 CVE-2026-33542: Incus does not verify combined fingerprint when downloading images from simplestreams servers in github.com/lxc/incus
    from 0, < 6.0.4-2+deb13u5
  • MEDIUM 4.3 CVE-2026-41685: Incus is affected by unbounded binary import disk exhaustion
    from 0, < 6.0.4-2+deb13u7
  • MEDIUM 4.3 CVE-2026-35527: Incus has Blind SSRF via Image Import Preflight HEAD
    from 0, < 7.0.0-1
  • MEDIUM 4.1 CVE-2025-54288: Canonical LXD Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server in github.com/canonical/lxd
    from 0, < 6.0.4-2+deb13u1
  • LOW 3.8 CVE-2024-6156: CA certificate sign check bypass in github.com/canonical/lxd
    from 0, < 6.0.3-1
  • LOW 2.3 CVE-2026-40243: Incus has an OVN TLS Verification that Accepts Peer-Supplied Roots
    from 0, < 6.0.4-2+deb13u7
  • CVE-2026-48754: (no summary)
    from 0
  • CVE-2026-48753: (no summary)
    from 0
  • CVE-2026-48756: (no summary)
    from 0
  • CVE-2026-47753: (no summary)
    from 0
  • CVE-2026-28384: lxd - security update
    from 0, < 6.0.4-2+deb13u5
  • CVE-2026-28384: lxd - security update
    from 0, < 6.0.4-2+deb13u5
  • CVE-2025-54292: Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or m…
    from 0