Description
Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker controlled images rather than the expected one. Version 6.23.0 patches the issue.
Published: 2026-03-26
Score: 5.7 Medium (CVSS 4.0)
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation via Malicious Container Image
Action: Apply Patch
AI Analysis

Impact

Incus, a system container and virtual machine manager, did not validate the combined fingerprint of an image downloaded from a simplestreams server before storing it in its local image cache. An attacker who can influence what the server (or the network path to it) returns can therefore get a malicious image cached under the fingerprint of a legitimate one (image cache poisoning). A tenant that later launches the expected image runs the attacker's instead, giving the attacker code execution inside that tenant's container or VM; the upstream description notes that this cross-tenant exposure arises only under very narrow circumstances. The weaknesses recorded are CWE-295 (Improper Certificate Validation) and CWE-354 (Improper Validation of Integrity Check Value), the latter describing the missing fingerprint check directly.

Affected Systems

The issue affects Incus earlier than 6.23.0 from the Linux Containers project (CPE cpe:2.3:a:linuxcontainers:incus). Debian has issued DSA-6184-1 for its incus package and DSA-6188-1 for its lxd package in connection with this CVE. Hosts running unpatched versions and pulling images from simplestreams remotes are exposed to the cache-poisoning risk described above.

Risk and Exploitability

The CVSS 4.0 base score of 5.7 (AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/E:P) rates this as medium: reachable over the network, but with high attack complexity, preconditions that must hold (AT:P) and low privileges required, with the main effect on integrity. The EPSS score below 1% indicates low current exploitation likelihood, the SSVC record marks exploitation as proof-of-concept and not automatable, and the CVE is not in the CISA Known Exploited Vulnerabilities catalog; Red Hat nonetheless rates it Important. To exploit it an attacker needs to control the simplestreams image server an Incus host downloads from, or the path to it, so that the server returns different image bytes than its index advertises; tenants that then launch the poisoned cache entry run the attacker's image.

Generated by OpenCVE AI on March 30, 2026 at 21:07 UTC.

Remediation

Vendor fix: upgrade to Incus 6.23.0 or later, which validates the combined fingerprint on download (see the description and GHSA-p8mm-23gg-jc9r). Debian has shipped fixes as DSA-6184-1 (incus) and DSA-6188-1 (lxd). No vendor-documented workaround is listed.

OpenCVE Recommended Actions

  • Update Incus to version 6.23.0 or later, which verifies the combined image fingerprint before an image is stored in the cache.
  • If an upgrade is delayed, limit the simplestreams remotes your hosts are allowed to pull from to servers you control or trust, reached over HTTPS, and remove remotes you do not need.
  • When importing images from an external repository, compute the image fingerprint yourself from the downloaded files and compare it with the fingerprint the repository publishes before allowing the image into the cache.
  • After upgrading, treat fingerprint-mismatch failures in the Incus daemon log as a sign of a tampered server or network path rather than a transient download error, and investigate them.
  • If a poisoned image may already have been cached, delete it from the local image store (for example with incus image delete followed by its fingerprint) and rebuild the instances created from it using a verified source.
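As an added illustration of the mechanism described in the Impact section and of the "verify before caching" step above (this is not Incus's own code), the following Go program contrasts a cache that stores downloaded image files under the fingerprint the index claimed with one that recomputes the fingerprint from the bytes actually received and refuses a mismatch. It assumes that the combined fingerprint of a split image is the SHA-256 of the metadata tarball followed by the root filesystem, which is stated here as an assumption about the Incus/LXD convention; the image contents and names are constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// ErrFingerprintMismatch is returned when downloaded bytes do not hash to the
// fingerprint the caller expected.
var ErrFingerprintMismatch = errors.New("image fingerprint mismatch")

// imageFiles holds the two halves of a split simplestreams image as downloaded.
type imageFiles struct {
	Meta   []byte // metadata tarball (e.g. incus.tar.xz)
	Rootfs []byte // root filesystem (e.g. rootfs.squashfs)
}

// combinedFingerprint hashes the metadata tarball followed by the rootfs with
// SHA-256. Assumption: this mirrors how Incus/LXD derive the fingerprint of a
// split image; it is not taken from the Incus source.
func combinedFingerprint(meta, rootfs []byte) string {
	h := sha256.New()
	h.Write(meta)
	h.Write(rootfs)
	return hex.EncodeToString(h.Sum(nil))
}

// imageCache stands in for the on-disk image store, keyed by fingerprint.
type imageCache map[string]imageFiles

// cacheUnverified is the shape of the bug: the cache key is the fingerprint
// the index claimed, so whatever bytes arrived are stored under it.
func cacheUnverified(c imageCache, claimed string, got imageFiles) {
	c[claimed] = got
}

// cacheVerified is the hardened flow: hash what was actually downloaded and
// refuse to store it unless it matches the expected fingerprint.
func cacheVerified(c imageCache, expected string, got imageFiles) error {
	actual := combinedFingerprint(got.Meta, got.Rootfs)
	if actual != expected {
		return fmt.Errorf("%w: expected %s, got %s", ErrFingerprintMismatch, expected, actual)
	}
	c[expected] = got
	return nil
}

// runScenario plays one poisoning attempt against both flows and reports
// whether each cache ended up holding the attacker's rootfs under the
// legitimate fingerprint.
func runScenario() (unverifiedPoisoned, verifiedPoisoned bool) {
	// Constructed sample data; real images are tarballs/squashfs, not strings.
	legit := imageFiles{Meta: []byte("meta:alpine/3.20"), Rootfs: []byte("rootfs:legit")}
	expected := combinedFingerprint(legit.Meta, legit.Rootfs)

	// A tampered server or mirror returns a different rootfs while the index
	// entry still advertises the legitimate fingerprint.
	evil := imageFiles{Meta: legit.Meta, Rootfs: []byte("rootfs:backdoored")}

	c1 := imageCache{}
	cacheUnverified(c1, expected, evil)
	unverifiedPoisoned = bytes.Equal(c1[expected].Rootfs, evil.Rootfs)

	c2 := imageCache{}
	err := cacheVerified(c2, expected, evil)
	_, present := c2[expected]
	verifiedPoisoned = err == nil && present

	return unverifiedPoisoned, verifiedPoisoned
}

func main() {
	u, v := runScenario()
	fmt.Printf("unverified cache poisoned: %v\n", u)
	fmt.Printf("verified cache poisoned:   %v\n", v)
}
```

The point of the hardened path is that the cache key is derived from what was hashed, never from what the remote claimed, so a mismatch can only produce a refused download and not a wrong entry that other tenants later launch.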

Generated by OpenCVE AI on March 30, 2026 at 21:07 UTC.

Advisories

Source       ID                   Title
Debian DSA   DSA-6184-1           incus security update
Debian DSA   DSA-6188-1           lxd security update
GitHub GHSA  GHSA-p8mm-23gg-jc9r  Incus does not verify combined fingerprint when downloading images from simplestreams servers

History

Mon, 30 Mar 2026 19:00:00 +0000

Type                 Values Removed / Values Added
First Time appeared  Linuxcontainers; Linuxcontainers incus
CPEs                 cpe:2.3:a:linuxcontainers:incus:*:*:*:*:*:*:*:*
Vendors & Products   Linuxcontainers; Linuxcontainers incus
Metrics              cvssV3_1 {'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H'}
                     cvssV3_1 {'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N'}

Mon, 30 Mar 2026 12:15:00 +0000

Type     Values Removed / Values Added
Metrics  ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 27 Mar 2026 12:15:00 +0000

Type        Values Removed / Values Added
Weaknesses  CWE-354
References
Metrics     threat_severity None
            cvssV3_1 {'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H'}
            threat_severity Important

Fri, 27 Mar 2026 08:45:00 +0000

Type                 Values Removed / Values Added
First Time appeared  Lxc; Lxc incus
Vendors & Products   Lxc; Lxc incus

Fri, 27 Mar 2026 04:00:00 +0000

Type         Values Removed / Values Added
Description  Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker controlled images rather than the expected one. Version 6.23.0 patches the issue.
Title        Incus does not verify combined fingerprint when downloading images from simplestreams servers
Weaknesses   CWE-295
References
Metrics      cvssV4_0 {'score': 5.7, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-30T11:47:37.934Z

Reserved: 2026-03-20T18:05:11.832Z

Link: CVE-2026-33542

Vulnrichment

Updated: 2026-03-30T11:47:34.406Z

NVD

Status: Analyzed

Published: 2026-03-26T23:16:20.113

Modified: 2026-03-30T18:48:50.393

Link: CVE-2026-33542

Redhat

Severity: Important

Public Date: 2026-03-26T22:32:13Z

Links: CVE-2026-33542 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-31T20:01:26Z

Weaknesses