PT-2026-28575 · Incus (+1)
Grmpyninja (+1)
Published: 2026-01-01 · Updated: 2026-04-20
CVE-2026-33945 · CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Incus versions prior to 6.23.0
Description: Incus is a system container and virtual machine manager. Incus instances can pass credentials to systemd inside the guest; for containers these are delivered through a shared directory. Prior to version 6.23.0, an attacker with the ability to set instance configuration could supply a key such as systemd.credential.../../../../../../root/.bashrc and cause Incus to write a file outside the designated credentials directory. This is possible because the credential syntax systemd.credential.XYZ permits multiple periods within the XYZ component, so the remainder of the key, including "../" sequences, is used as a path. Reading data is not possible this way, but writing arbitrary files as root is, which can lead to privilege escalation and denial of service.
Recommendations: Update Incus to version 6.23.0 or later.
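The description above explains the flaw as an unchecked join of the credential name onto the credentials directory. The following Go program is an added illustration and is not Incus code: it reproduces that pattern in a hypothetical vulnerableCredentialPath, beside a hardened safeCredentialPath that refuses any name that is not a single path component and re-checks that the joined result stays inside the directory. The credentials directory path, the function names and the sample keys are assumptions for the example; the actual fix in Incus 6.23.0 may differ.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// credPrefix is the instance config-key prefix named in the advisory.
const credPrefix = "systemd.credential."

// ErrBadCredentialName marks a name that could escape the credentials directory.
var ErrBadCredentialName = errors.New("invalid systemd credential name")

// vulnerableCredentialPath mirrors the flaw described in the advisory (illustrative,
// not Incus code): everything after "systemd.credential." is joined onto the
// credentials directory unchanged, so "../" sequences traverse out of it.
func vulnerableCredentialPath(credDir, key string) string {
	name := strings.TrimPrefix(key, credPrefix)
	return filepath.Join(credDir, name)
}

// safeCredentialPath is a hypothetical hardened version. Legitimate credential
// names may contain dots, so dots alone are not rejected; instead the name must
// be exactly one path component: non-empty, not "." or "..", and free of
// separators. The joined path is then verified to still lie under credDir.
func safeCredentialPath(credDir, key string) (string, error) {
	if !strings.HasPrefix(key, credPrefix) {
		return "", ErrBadCredentialName
	}
	name := strings.TrimPrefix(key, credPrefix)
	if name == "" || name == "." || name == ".." || strings.ContainsAny(name, `/\`) {
		return "", ErrBadCredentialName
	}
	cleanDir := filepath.Clean(credDir)
	p := filepath.Join(cleanDir, name)
	// Defence in depth: reject anything that did not land strictly inside credDir.
	if p == cleanDir || !strings.HasPrefix(p, cleanDir+string(filepath.Separator)) {
		return "", ErrBadCredentialName
	}
	return p, nil
}

func main() {
	// Constructed sample keys: the directory and key values are assumptions.
	credDir := "/var/lib/incus/creds"
	keys := []string{
		"systemd.credential.db.password",
		"systemd.credential.../../../../../../root/.bashrc",
	}
	for _, k := range keys {
		fmt.Printf("key %q\n  vulnerable -> %s\n", k, vulnerableCredentialPath(credDir, k))
		if p, err := safeCredentialPath(credDir, k); err != nil {
			fmt.Printf("  hardened   -> rejected: %v\n", err)
		} else {
			fmt.Printf("  hardened   -> %s\n", p)
		}
	}
}
```

Run on Linux, the traversal key resolves to /root/.bashrc under the vulnerable join and is rejected by the hardened check, while a dotted but legitimate name such as db.password still resolves inside the credentials directory.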

Tags: Exploit · Fix · DoS · Path traversal


Weakness Enumeration

Related Identifiers

BDU:2026-07367
CVE-2026-33945
GHSA-Q4Q8-7F2J-9H9F
GO-2026-4884
OPENSUSE-SU-2026:10450-1

Affected Products

Incus
Red Os