Description
Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD request to a user-supplied URL before validating the request against project restrictions such as restricted.images.servers. The imgPostURLInfo function constructs and sends a HEAD request directly from the attacker-supplied source URL to resolve image metadata, and this network interaction occurs before the flow reaches the point where the import would be rejected by policy. Although the actual image download is blocked by the project restriction, an authenticated user can coerce the daemon into making blind HEAD requests to arbitrary destinations.

These requests include server metadata in custom headers (Incus-Server-Architectures, Incus-Server-Version), which discloses information about the host environment to the attacker-controlled endpoint. This blind SSRF primitive can be used to probe internal services, unroutable address space, or cloud metadata endpoints reachable from the host.

This vulnerability pattern is similar to CVE-2026-24767. This issue has been fixed in version 7.0.0.
Published: 2026-05-05
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Incus image import performs an outbound HTTP HEAD request to a user-supplied URL before enforcing project policy restrictions such as restricted.images.servers. The request contains custom headers that expose the host's architecture and version. The SSRF is blind because the actual image download is blocked by policy, but the request is still issued. This allows an authenticated user to coerce the daemon into contacting arbitrary internal endpoints and leaking information about the host environment, which can be leveraged to probe internal services or cloud metadata endpoints.

Affected Systems

All Incus installations running a version earlier than 7.0.0 are affected. The vulnerability exists in every release before the 7.0.0 update, regardless of the operating system or deployment topology.

Risk and Exploitability

The CVSS score is 5.3, indicating moderate exploitation risk. EPSS data is not available and the vulnerability is not listed in CISA’s KEV catalog. The attack requires an authenticated user with permission to import images, yet it can still be used to discover internal network services or cloud metadata. The exploit path is straightforward: an attacker sends an image import request with a crafted source URL, and the daemon performs a blind HEAD request before rejecting the image based on policy.

Generated by OpenCVE AI on May 5, 2026 at 21:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Incus to version 7.0.0 or later.
  • If an upgrade is not immediately possible, configure the daemon to restrict image sources by setting the restricted.images.servers property or disabling image import for unauthenticated users.
  • Apply firewall or network segmentation rules to block outbound HEAD requests from the Incus host to destinations that should not be reachable from the host.


Tracking


Advisories
Source        ID                     Title
GitHub GHSA   GHSA-8gw4-p4wq-4hcv    Incus has Blind SSRF via Image Import Preflight HEAD
History

Tue, 05 May 2026 21:45:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Lxc; Lxc incus
Vendors & Products                     Lxc; Lxc incus

Tue, 05 May 2026 20:30:00 +0000

Type          Values Removed   Values Added
Description                    (same text as the Description section above)
Title                          Incus blind SSRF via image import preflight HEAD request
Weaknesses                     CWE-918
References
Metrics                        cvssV4_0: score 5.3, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-05T19:56:43.388Z

Reserved: 2026-04-03T02:15:39.281Z

Link: CVE-2026-35527

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-05T21:16:22.097

Modified: 2026-05-05T21:16:22.097

Link: CVE-2026-35527

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-05T21:30:05Z

Weaknesses