CRITICAL9.9CVE-2026-48751Incus has a restricted project bypass leading to arbitrary command execution from 0, < 7.2.0
CRITICAL9.9CVE-2026-48755Incus has an argument injection in backup compression algorithm leading to AFW and ACE from 0, < 7.2.0
CRITICAL9.9CVE-2026-48769Incus has an arbitrary file write on its client due to trusted image hash from 0, < 7.2.0
CRITICAL9.9Incus has arbitrary file read+write on host via templates/ symlink in malicious image
from 0, < 7.2.0
CRITICAL9.9Incus has an arbitrary file read+write on host via rootfs/ symlink in malicious image
from 0, < 7.2.0
CRITICAL9.9Incus has an arbitrary file write on host via `exec-output` symlink in crafted image
from 0, < 7.2.0
CRITICAL9.9Incus has an arbitrary file write via path traversal in S3 multipart upload
from 0, < 7.1.0
—Incus: Nil-pointer dereference in createDependentVolumesFromBackup on disk.{Volume,VolumeSnapshots,Pool}
from 0, < 7.1.0
—Incus: CreateCustomVolumeFromBackup nil-pointer dereference on volume_snapshots[*].expires_at (sibling-field variant of GHSA-r7w7)
from 0, < 7.1.0