pkg:Go/github.com/lxc/incus/v6

19 total CVEsCRITICAL4HIGH10MEDIUM3LOW2

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.9CVE-2026-33945Incus has an abitrary file write through its systemd-creds options in github.com/lxc/incus
    from 0, < 6.23.0
  • CRITICAL9.9CVE-2026-33945Incus has an abitrary file write through its systemd-creds options in github.com/lxc/incus
    from 0, < 6.23.0
  • CRITICAL9.9CVE-2026-33897Incus vulnerable to arbitrary file read and write through pongo templates
    from 0, < 6.23.0
  • CRITICAL9.9CVE-2026-33897Incus vulnerable to arbitrary file read and write through pongo templates
    from 0, < 6.23.0
  • HIGH8.8CVE-2026-33898Local Incus UI web server vulnerable to nuthentication bypass
    from 0, < 6.23.0
  • HIGH8.7CVE-2026-23954Incus container image templating arbitrary host file read and write
    >= 6.1.0
  • HIGH8.7CVE-2026-23953Incus container environment configuration newline injection
    from 0, < 6.21.0
  • HIGH8.7CVE-2026-23953Incus container environment configuration newline injection
    >= 6.1.0
  • HIGH8.1CVE-2025-52890Incus creates nftables rules that partially bypass security options
    >= 6.12.0, < 6.14.0
  • HIGH8.1CVE-2025-52890Incus creates nftables rules that partially bypass security options
    >= 6.12.0, < 6.14.0
  • HIGH7.8CVE-2026-33711Incus vulnerable to local privilege escalation through VM screenshot path in github.com/lxc/incus
    from 0, < 6.23.0
  • HIGH7.8CVE-2026-33711Incus vulnerable to local privilege escalation through VM screenshot path in github.com/lxc/incus
    from 0, < 6.23.0
  • HIGH7.8CVE-2025-64507Incus vulnerable to local privilege escalation through custom storage volumes
    from 0, < 6.19.0
  • HIGH7.8CVE-2025-64507Incus vulnerable to local privilege escalation through custom storage volumes
    >= 6.1.0
  • MEDIUM6.5CVE-2026-33743Incus vulnerable to denial of source through crafted bucket backup file in github.com/lxc/incus
    from 0, < 6.23.0
  • MEDIUM6.5CVE-2026-33743Incus vulnerable to denial of source through crafted bucket backup file in github.com/lxc/incus
    from 0, < 6.23.0
  • MEDIUM4.8CVE-2026-33542Incus does not verify combined fingerprint when downloading images from simplestreams servers in github.com/lxc/incus
    from 0, < 6.23.0
  • LOW3.4CVE-2025-52889Incus Allocation of Resources Without Limits allows firewall rule bypass on managed bridge networks
    >= 6.12.0, < 6.14.0
  • LOW3.4CVE-2025-52889Incus Allocation of Resources Without Limits allows firewall rule bypass on managed bridge networks
    from 0, < 6.14.0