github.com/lxc/incus/v6/cmd/incusd
Go9 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/lxc/incus/v6/cmd/incusdpage 1 of 1
- CVE-2026-35527MEDIUMCVSS 5.0EG 5.0✓ Fixed in 7.0.02026-05-05
Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD request to a user-supplied URL before validating the request against project restrictions such as rest…
- CVE-2026-40195MEDIUMCVSS 6.5EG 6.5✓ Fixed in 7.0.02026-05-06
Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage bucket feature to cause the Incus daemon…
- CVE-2026-40197MEDIUMCVSS 6.5EG 6.5✓ Fixed in 7.0.02026-05-06
Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon…
- CVE-2026-40243MEDIUMCVSS 4.8EG 4.8✓ Fixed in 7.0.02026-05-06
Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database. The OVN client implementations disable…
- CVE-2026-40251MEDIUMCVSS 6.5EG 6.5✓ Fixed in 7.0.02026-05-06
Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon…
- CVE-2026-41647MEDIUMCVSS 6.5EG 6.52026-05-07
Incus is a system container and virtual machine manager. Prior to version 7.0.0, a missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a truncated storage bucket backup file. This iss…
- CVE-2026-41648MEDIUMCVSS 5.0EG 5.02026-05-07
Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for an authenticated us…
- CVE-2026-41684MEDIUMCVSS 6.5EG 6.52026-05-07
Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo() trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result…
- CVE-2026-41685MEDIUMCVSS 4.3EG 4.32026-05-07
Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is…
Check whether github.com/lxc/incus/v6/cmd/incusd is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/lxc/incus/v6/cmd/incusd CVEs against the assets you own.
Start Free Scan →