CVE-2026-33897

Name of the Vulnerable Software and Affected Versions Incus versions prior to 6.23.0

Description Incus, a system container and virtual machine manager, allows instance template files to be used to perform arbitrary read and write operations as root on the host server. The software utilizes pongo2 templates within instances, intended for templating files inside the instance. The pongo2 chroot isolation mechanism, designed to restrict file access to the instance's filesystem, is bypassed, granting access to the entire system's filesystem with root privileges. This issue impacts system security and could lead to data exposure or system manipulation.

Recommendations Update Incus to version 6.23.0 or later.