CVE-2026-33897 - Vulnerability Details

Description

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to template files inside of the instance. This particular implementation of pongo2 within Incus allowed for file read/write but with the expectation that the pongo2 chroot feature would isolate all such access to the instance's filesystem. This was allowed such that a template could theoretically read a file and then generate a new version of said file. Unfortunately the chroot isolation mechanism is entirely skipped by pongo2 leading to easy access to the entire system's filesystem with root privileges. Version 6.23.0 patches the issue.

Published: 2026-03-26

Score: 10 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

Incus, a system container and virtual machine manager, contains a flaw in its handling of pongo2 templates. The implementation of pongo2 allows arbitrary file reads and writes with root privileges, bypassing the intended chroot isolation. This leads to the possibility of reading any file on the host or overwriting files, including critical system binaries and configuration files, thereby compromising confidentiality, integrity, and availability of the entire system.

Affected Systems

The vulnerability affects the Incus product under the lxc:incus vendor. All versions prior to 6.23.0 are impacted because the patch that disables unsafe template handling was introduced in that release.

Risk and Exploitability

The CVSS score of 10 indicates a severe threat. Although the EPSS score is not reported, the lack of a KEV listing does not reduce the risk because the flaw allows unrestricted root-level access to the file system. The attack vector is inferred to require authenticated access to the instance template functionality or a local foothold; an attacker can create or manipulate templates to gain direct root access to the host. This makes exploitation highly dangerous and likely if the vulnerability is present and the attacker has sufficient privileges or anonymity in the environment.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

lxc

incus

affected

Version	Status	Constraints
`< 6.23.0`	affected	—

No data.

Vendor Product Confidence Versions

Lxc

Incus

100%

Version	Status	Scheme	Platform
`[0,6.23.0)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Incus to version 6.23.0 or newer to apply the vendor patch that removes the unsafe pongo2 template handling.

Generated by OpenCVE AI on March 27, 2026 at 06:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00047.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/lxc/incus/security/advisories/GHSA-83xr-5xxr-mh92
https://nvd.nist.gov/vuln/detail/CVE-2026-33897
https://www.cve.org/CVERecord?id=CVE-2026-33897

History

Fri, 27 Mar 2026 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-243
References		https://nvd.nist.gov/vuln/detail/CVE-2026-33897 https://www.cve.org/CVERecord?id=CVE-2026-33897
Metrics	threat_severity `None`	threat_severity `Important`

Fri, 27 Mar 2026 08:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Lxc Lxc incus
Vendors & Products		Lxc Lxc incus

Fri, 27 Mar 2026 04:00:00 +0000

Type	Values Removed	Values Added
Description		Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to template files inside of the instance. This particular implementation of pongo2 within Incus allowed for file read/write but with the expectation that the pongo2 chroot feature would isolate all such access to the instance's filesystem. This was allowed such that a template could theoretically read a file and then generate a new version of said file. Unfortunately the chroot isolation mechanism is entirely skipped by pongo2 leading to easy access to the entire system's filesystem with root privileges. Version 6.23.0 patches the issue.
Title		Incus vulnerable to arbitrary file read and write through pongo templates
Weaknesses		CWE-1336
References		https://github.com/lxc/incus/security/advisories/GHSA-83xr-5xxr-mh92
Metrics		cvssV3_1 `{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}`

Subscriptions

Lxc Incus

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-03-26T22:43:31.392Z

Updated: 2026-03-26T22:43:31.392Z

Reserved: 2026-03-24T15:41:47.490Z

Link: CVE-2026-33897

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-26T23:16:20.743

Modified: 2026-03-26T23:16:20.743

Link: CVE-2026-33897

Redhat

Severity : Important

Publid Date: 2026-03-26T22:43:31Z

Links: CVE-2026-33897 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-27T09:22:52Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object