CVE-2026-23954 Overview
CVE-2026-23954 is a critical path traversal and symlink vulnerability affecting Incus, a system container and virtual machine manager. The vulnerability exists in versions 6.21.0 and below, where the templating functionality fails to properly validate source and target paths for directory traversal sequences or symbolic links. This security flaw allows users with container launching privileges to achieve arbitrary file read and write on the host system, ultimately leading to arbitrary command execution.
Critical Impact
This vulnerability enables container escape through path traversal and symlink exploitation, allowing attackers with local access to achieve full host compromise including arbitrary file read, arbitrary file write, and remote code execution.
Affected Products
- Incus versions 6.21.0 and below
- Incus versions 6.0.x (prior to planned 6.0.6 patch)
- IncusOS (also affected by this vulnerability)
Discovery Timeline
- 2026-01-22 - CVE CVE-2026-23954 published to NVD
- 2026-01-22 - Last updated in NVD database
Technical Details for CVE-2026-23954
Vulnerability Analysis
This vulnerability falls under CWE-22 (Path Traversal) and affects the image templating functionality within Incus. When a user launches a container with a custom image containing a metadata.yaml file with templates defined, the Incus server processes both source and target paths without adequate security validation. The templating engine fails to sanitize paths for directory traversal sequences (such as ../) or symbolic link resolution, creating an exploitable condition.
The attack requires adjacent network access and low privileges (specifically membership in the incus group), but no user interaction is needed. Successful exploitation can impact confidentiality and integrity across security boundaries, as the attacker can escape the container isolation to access host system resources.
Root Cause
The root cause lies in the insufficient input validation within the LXC driver code, specifically in the template processing functions. When handling image templates defined in metadata.yaml, the code at driver_lxc.go line 7215 and line 7294 does not properly validate or canonicalize file paths before performing file operations. This allows malicious paths containing ../ sequences or symbolic links pointing outside the intended container filesystem to be processed, enabling the attacker to read from or write to arbitrary locations on the host.
Attack Vector
The attack vector requires an attacker with the ability to launch containers using custom images—typically a member of the incus group. The attacker crafts a malicious container image with a metadata.yaml file that includes template definitions with path traversal sequences or symbolic links pointing to sensitive host locations.
When the container is launched, the templating engine processes these malicious paths without sanitization, allowing the attacker to:
- Read arbitrary files from the host system by specifying a source path that traverses outside the container root
- Write arbitrary content to host files by specifying a target path with directory traversal
- Chain these capabilities to achieve arbitrary command execution on the host (e.g., by writing to /etc/cron.d/ or modifying system binaries)
The vulnerability is particularly severe because it allows container escape, breaking the fundamental security isolation that containerization is designed to provide. Technical details and proof-of-concept materials are available in the GitHub Security Advisory.
Detection Methods for CVE-2026-23954
Indicators of Compromise
- Unexpected file access patterns from Incus container processes targeting paths outside container roots
- Container images with suspicious metadata.yaml template configurations containing ../ sequences
- Symbolic links within container images pointing to sensitive host system paths like /etc/passwd, /etc/shadow, or /etc/cron.d/
- Unusual file modification timestamps on host system files coinciding with container launch events
Detection Strategies
- Monitor Incus container launch events and inspect custom images for suspicious template configurations before deployment
- Implement file integrity monitoring (FIM) on critical host system files and directories
- Configure audit logging to capture file access attempts from container-related processes outside expected boundaries
- Review container image registries and scan metadata.yaml files for path traversal patterns using regular expressions
Monitoring Recommendations
- Enable comprehensive logging for the Incus daemon and monitor for template processing errors or unusual path references
- Deploy endpoint detection and response (EDR) solutions to identify container escape attempts and suspicious host file access
- Establish baseline container behavior and alert on deviations, particularly file operations targeting host paths
- Configure SentinelOne to monitor for path traversal attack patterns and container breakout behaviors
How to Mitigate CVE-2026-23954
Immediate Actions Required
- Restrict membership in the incus group to only trusted users who require container management capabilities
- Audit all custom container images currently in use for suspicious template configurations in metadata.yaml
- Implement network segmentation to limit adjacent network access to Incus management interfaces
- Consider temporarily disabling custom image support or template processing until patches are available
Patch Information
A fix is planned for Incus versions 6.0.6 and 6.21.0, but these patches have not been released at the time of CVE publication. Organizations should monitor the official Incus security advisory for patch availability and apply updates immediately upon release. A community patch has been shared for testing purposes but should be evaluated carefully before production deployment.
Workarounds
- Restrict container launching to only pre-approved, vetted images from trusted sources
- Remove untrusted users from the incus group until patches are applied
- Implement mandatory access control (MAC) using AppArmor or SELinux to restrict Incus container processes from accessing host paths
- Deploy a container image scanning solution to detect and block images with suspicious template configurations
# Restrict incus group membership to trusted users only
# Review current members
getent group incus
# Remove untrusted users from the incus group
sudo gpasswd -d <untrusted_user> incus
# Audit container images for suspicious templates
grep -r "\.\./" /var/lib/incus/images/*/metadata.yaml 2>/dev/null
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
