CVE-2026-33542
MEDIUM 4.8
Description
Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and, under very narrow circumstances, exposes other tenants to running attacker-controlled images rather than the expected one. Version 6.23.0 patches the issue.
CVE Details
CVSS v3.1 score: 4.8
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack vector: NETWORK
Complexity: HIGH
Privileges required: NONE
User interaction: NONE
Published: 3/26/2026
Last modified: 3/30/2026
Source: nvd
Honeypot observations: 0
Affected products
linuxcontainers:incus
Weaknesses (CWE)
CWE-295
References
https://github.com/lxc/incus/security/advisories/GHSA-p8mm-23gg-jc9r (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.