CVE-2026-40197

Name of the Vulnerable Software and Affected Versions Incus (affected versions not specified)

Description A nil-pointer dereference exists in the custom volume backup import subsystem. An authenticated user with access to the storage volume feature can cause the Incus daemon to crash by importing a crafted backup archive. The issue occurs because the daemon iterates over the VolumeSnapshots slice in srcBackup.Config and dereferences elements without validating if they are initialized. An attacker can provide an index.yaml file containing explicit null array elements in the volume snapshots array, which the YAML unmarshaler converts into nil pointers. This triggers a crash in the CreateCustomVolumeFromBackup() function, leading to a denial of service on the node.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.