CVE-2026-41647

Name
CVE-2026-41647
Description
Incus is a system container and virtual machine manager. Prior to version 7.0.0, a missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a truncated storage bucket backup file. This issue has been patched in version 7.0.0.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://github.com/lxc/incus/releases/tag/v7.0.0
Exploit https://github.com/lxc/incus/security/advisories/GHSA-fwj8-62r8-8p8m

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:linuxcontainers:incus:*:*:*:*:*:*:*:* incus >= None < 7.0.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
incus-feature edge-community 7.0.0-r0 Leonardo Arena <rnalrd@alpinelinux.org> fixed
incus edge-community 7.0.0-r0 Leonardo Arena <rnalrd@alpinelinux.org> fixed
incus edge-community 6.0.6-r1 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus edge-community 6.0.6-r0 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus edge-community 6.0.5-r9 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus edge-community 6.0.5-r8 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus edge-community 6.0.5-r7 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus edge-community 6.0.5-r6 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus edge-community 6.0.5-r5 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus edge-community 6.0.5-r4 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus edge-community 6.0.5-r3 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus edge-community 6.0.5-r2 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus edge-community 6.0.5-r1 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus edge-community 6.0.5-r0 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus edge-community 6.0.4-r5 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus edge-community 6.0.4-r4 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus edge-community 6.0.4-r3 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus edge-community 6.0.4-r2 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus edge-community 6.0.4-r1 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus edge-community 6.0.4-r0 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus edge-community 6.0.3-r4 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus edge-community 6.0.3-r3 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus edge-community 6.0.3-r2 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus edge-community 6.0.3-r1 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus edge-community 6.0.3-r0 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus edge-community 6.0.2-r0 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus 3.23-community 6.0.6-r2 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus 3.23-community 6.0.6-r1 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus 3.23-community 6.0.6-r0 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus 3.23-community 6.0.5-r8 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus 3.23-community 6.0.5-r7 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus 3.23-community 6.0.5-r6 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus 3.23-community 6.0.5-r5 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
incus 3.23-community 6.0.5-r4 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable