Description
Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary reads or writes as root on the host server. Incus allows pongo2 templates within instances, which can be used at various points in the instance lifecycle to template files inside the instance. This particular implementation of pongo2 within Incus allowed file read/write, with the expectation that the pongo2 chroot feature would isolate all such access to the instance's filesystem. This was allowed so that a template could theoretically read a file and then generate a new version of that file. Unfortunately, the chroot isolation mechanism is entirely skipped by pongo2, leading to easy access to the entire host filesystem with root privileges. Version 6.23.0 patches the issue.
Published: 2026-03-26
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation – arbitrary root file read/write
Action: Immediate Patch
AI Analysis

Impact

Incus, a system container and virtual machine manager, contains a flaw in its use of pongo2 templates that allows an attacker to read or modify any file on the host system with root privileges. The vulnerability arises because the chroot isolation intended to confine template execution is bypassed, so the template can access the entire host filesystem. This weakness corresponds to CWE-1336 (Improper Validation of Runtime Parameters) and CWE-243 (Resource Disconnection Without Cleanup). The result is a serious threat to confidentiality, integrity, and availability, since an attacker could exfiltrate sensitive data, alter critical system files, or deploy malicious code.

Affected Systems

All Incus installations running versions earlier than 6.23.0 are impacted. The vulnerability affects the core Incus product from Linux Containers, regardless of deployment mode. No additional vendor or product variations are reported.

Risk and Exploitability

The CVSS score of 10 indicates maximal severity, while the EPSS score of below 1% suggests that the likelihood of real-world exploitation is currently low. However, because the attack requires only the ability to supply a pongo2 template to an instance, the attack vector is relatively simple once an instance is reachable. The vulnerability is not listed in the CISA KEV catalog, but its high impact warrants immediate attention. Once exploited, an attacker gains full read/write access to the host filesystem, effectively compromising the entire platform.

Generated by OpenCVE AI on March 30, 2026 at 20:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch to upgrade Incus to version 6.23.0 or later
  • Ensure that any remaining instances are rebuilt from clean templates to eliminate residual risks
  • Reconfigure Incus to disable or tightly restrict arbitrary pongo2 template execution where possible
  • Continuously monitor system logs for unexpected template activity or file manipulation

Advisories

Source | ID | Title
Debian DSA | DSA-6188-1 | lxd security update
Github GHSA | GHSA-83xr-5xxr-mh92 | Incus vulnerable to arbitrary file read and write through pongo templates

History

Mon, 30 Mar 2026 19:00:00 +0000
  Type: First Time appeared | Values added: Linuxcontainers; Linuxcontainers incus
  Type: CPEs | Values added: cpe:2.3:a:linuxcontainers:incus:*:*:*:*:*:*:*:*
  Type: Vendors & Products | Values added: Linuxcontainers; Linuxcontainers incus

Fri, 27 Mar 2026 20:15:00 +0000
  Type: Metrics (ssvc) | Values added: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 27 Mar 2026 12:15:00 +0000
  Type: Weaknesses | Values added: CWE-243
  Type: References | Values added: (empty in the record)
  Type: Metrics (threat_severity) | Values removed: None | Values added: Important

Fri, 27 Mar 2026 08:45:00 +0000
  Type: First Time appeared | Values added: Lxc; Lxc incus
  Type: Vendors & Products | Values added: Lxc; Lxc incus

Fri, 27 Mar 2026 04:00:00 +0000
  Type: Description | Values added: (the CVE description quoted in the Description section above)
  Type: Title | Values added: Incus vulnerable to arbitrary file read and write through pongo templates
  Type: Weaknesses | Values added: CWE-1336
  Type: References | Values added: (empty in the record)
  Type: Metrics (cvssV3_1) | Values added: {'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-03-27T20:02:55.502Z
Reserved: 2026-03-24T15:41:47.490Z
Link: CVE-2026-33897

Vulnrichment

Updated: 2026-03-27T20:02:51.439Z

NVD

Status: Analyzed
Published: 2026-03-26T23:16:20.743
Modified: 2026-03-30T18:55:33.887
Link: CVE-2026-33897

Redhat

Severity: Important
Public Date: 2026-03-26T22:43:31Z
Links: CVE-2026-33897 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-30T20:57:21Z

Weaknesses