CVE-2026-33542
MEDIUM 4.8
Description
Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker controlled images rather than the expected one. Version 6.23.0 patches the issue.
CVE Details
CVSS v3.1 score: 4.8
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack vector: NETWORK
Complexity: HIGH
Privileges required: NONE
User interaction: NONE
Published: 3/26/2026
Last modified: 3/30/2026
Source: nvd
Honeypot sightings: 0
Affected products
linuxcontainers:incus
Weaknesses (CWE)
CWE-295
References
https://github.com/lxc/incus/security/advisories/GHSA-p8mm-23gg-jc9r (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.