Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-23954

CVE-2026-23954: Incus Path Traversal Vulnerability

CVE-2026-23954 is a path traversal flaw in Linuxcontainers Incus that allows attackers to achieve arbitrary command execution on the host. This post covers technical details, affected versions, impact, and mitigation.

Updated:

CVE-2026-23954 Overview

CVE-2026-23954 is a path traversal vulnerability [CWE-22] in Incus, a system container and virtual machine manager maintained by the Linux Containers project. Versions 6.21.0 and below permit a user with rights to launch a container from a custom image to abuse the image templating functionality. The templating logic fails to validate source and target paths for symbolic links or directory traversal sequences. An attacker can leverage this flaw to read and write arbitrary files on the host, leading to arbitrary command execution. IncusOS deployments are also affected.

Critical Impact

A member of the incus group can escape the container boundary through crafted metadata.yaml templates and obtain full command execution on the host system.

Affected Products

  • Linux Containers Incus versions 6.21.0 and earlier
  • Linux Containers Incus 6.0.x LTS branch (fix planned for 6.0.6)
  • IncusOS distributions bundling vulnerable Incus releases

Discovery Timeline

  • 2026-01-22 - CVE-2026-23954 published to NVD
  • 2026-01-30 - Last updated in NVD database

Technical Details for CVE-2026-23954

Vulnerability Analysis

The vulnerability resides in the LXC driver code that processes container image templates. When Incus launches a container from a custom image, it parses the bundled metadata.yaml file. This file can declare template entries that map source template files to target locations inside the container filesystem. The driver expands these templates during instance creation.

Neither the source nor the target path receives validation against symbolic links or .. traversal sequences. A crafted image can therefore direct the template engine to read files outside the image bundle and write rendered output anywhere the Incus daemon can reach. Because the daemon runs with elevated privileges on the host, writes can target system locations such as /etc/cron.d, /root/.ssh/authorized_keys, or systemd unit directories.

Root Cause

The template handling functions in internal/server/instance/drivers/driver_lxc.go (referenced at lines 7215 and 7294) resolve user-supplied paths without canonicalization or jail enforcement. The code trusts paths declared in metadata.yaml and follows symbolic links during read and write operations.

Attack Vector

Exploitation requires local or adjacent network access and low-privilege membership in the incus group. The attacker builds a malicious image archive containing a metadata.yaml that references templates with traversal sequences or symlinks. Launching a container from this image triggers the templated reads and writes against host paths. Writing an executable payload to a directory that the host periodically invokes results in arbitrary command execution as the Incus daemon user, typically root.

A proof-of-concept script (template_arbitrary_write.sh) demonstrating the arbitrary write path is referenced in the upstream advisory.

Detection Methods for CVE-2026-23954

Indicators of Compromise

  • Custom container images containing metadata.yaml entries with .. sequences or symbolic links in source or target template fields
  • Unexpected file writes to host paths such as /etc/, /root/, /var/spool/cron/, or systemd unit directories originating from the Incus daemon process
  • New entries in authorized_keys, cron tables, or service units created during container creation events

Detection Strategies

  • Audit Incus daemon logs for instance create and template rendering operations that resolve to paths outside the instance rootfs
  • Inspect image metadata before import using tar -tf and review templates/ directories and metadata.yaml for traversal patterns
  • Monitor process lineage where incusd spawns writes to sensitive system directories

Monitoring Recommendations

  • Enable file integrity monitoring on /etc, /root/.ssh, /etc/systemd/system, and cron directories on hosts running Incus
  • Forward Incus daemon audit logs to a centralized analytics platform and alert on template operations referencing paths outside expected image bundles
  • Track membership changes to the incus and incus-admin groups

How to Mitigate CVE-2026-23954

Immediate Actions Required

  • Restrict membership of the incus group to trusted administrators only and treat group members as privileged users on the host
  • Disable launching of containers from untrusted custom images until patched releases are deployed
  • Review existing image stores and remove any images with suspicious metadata.yaml template definitions

Patch Information

Fixed releases are planned in Incus 6.0.6 and 6.21.0 but had not been released at the time the advisory was published. Track the GitHub Security Advisory GHSA-7f67-crqm-jgh7 for release availability. An interim patch file (templates_arbitrary_write.patch) is published by the maintainers for operators who build Incus from source.

Workarounds

  • Permit only signed or vendor-supplied images in image stores and block user-supplied custom images
  • Run Incus inside a dedicated host with no sensitive data and isolate the host on a management VLAN to limit blast radius
  • Apply mandatory access control profiles (AppArmor or SELinux) to the incusd process to restrict write access to non-container directories
bash
# Configuration example: remove untrusted users from the incus group
sudo gpasswd -d <username> incus
sudo gpasswd -d <username> incus-admin

# Audit installed images for suspicious template paths
for img in $(incus image list -f csv -c f); do
  incus image export "$img" /tmp/img_inspect
  tar -xOf /tmp/img_inspect.tar.xz metadata.yaml 2>/dev/null | grep -E '(\.\./|^/)'
done

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.