CVE-2026-33542
MEDIUM 4.8
Description
Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker controlled images rather than the expected one. Version 6.23.0 patches the issue.
CVE details
CVSS v3.1 score: 4.8
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack vector: NETWORK
Complexity: HIGH
Privileges required: NONE
User interaction: NONE
Published: 3/26/2026
Last modified: 3/30/2026
Source: nvd
Honeypot sightings: 0
Affected products
linuxcontainers:incus
Weaknesses (CWE)
CWE-295
References
https://github.com/lxc/incus/security/advisories/GHSA-p8mm-23gg-jc9r (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.