CVE-2026-23954 Overview
CVE-2026-23954 is a path traversal vulnerability [CWE-22] in Incus, a system container and virtual machine manager maintained by the Linux Containers project. Versions 6.21.0 and below permit a user with rights to launch a container from a custom image to abuse the image templating functionality. The templating logic fails to validate source and target paths for symbolic links or directory traversal sequences. An attacker can leverage this flaw to read and write arbitrary files on the host, leading to arbitrary command execution. IncusOS deployments are also affected.
Critical Impact
A member of the incus group can escape the container boundary through crafted metadata.yaml templates and obtain full command execution on the host system.
Affected Products
- Linux Containers Incus versions 6.21.0 and earlier
- Linux Containers Incus 6.0.x LTS branch (fix planned for 6.0.6)
- IncusOS distributions bundling vulnerable Incus releases
Discovery Timeline
- 2026-01-22 - CVE-2026-23954 published to NVD
- 2026-01-30 - Last updated in NVD database
Technical Details for CVE-2026-23954
Vulnerability Analysis
The vulnerability resides in the LXC driver code that processes container image templates. When Incus launches a container from a custom image, it parses the bundled metadata.yaml file. This file can declare template entries that map source template files to target locations inside the container filesystem. The driver expands these templates during instance creation.
Neither the source nor the target path receives validation against symbolic links or .. traversal sequences. A crafted image can therefore direct the template engine to read files outside the image bundle and write rendered output anywhere the Incus daemon can reach. Because the daemon runs with elevated privileges on the host, writes can target system locations such as /etc/cron.d, /root/.ssh/authorized_keys, or systemd unit directories.
Root Cause
The template handling functions in internal/server/instance/drivers/driver_lxc.go (referenced at lines 7215 and 7294) resolve user-supplied paths without canonicalization or jail enforcement. The code trusts paths declared in metadata.yaml and follows symbolic links during read and write operations.
Attack Vector
Exploitation requires local or adjacent network access and low-privilege membership in the incus group. The attacker builds a malicious image archive containing a metadata.yaml that references templates with traversal sequences or symlinks. Launching a container from this image triggers the templated reads and writes against host paths. Writing an executable payload to a directory that the host periodically invokes results in arbitrary command execution as the Incus daemon user, typically root.
A proof-of-concept script (template_arbitrary_write.sh) demonstrating the arbitrary write path is referenced in the upstream advisory.
Detection Methods for CVE-2026-23954
Indicators of Compromise
- Custom container images containing metadata.yaml entries with .. sequences or symbolic links in source or target template fields
- Unexpected file writes to host paths such as /etc/, /root/, /var/spool/cron/, or systemd unit directories originating from the Incus daemon process
- New entries in authorized_keys, cron tables, or service units created during container creation events
Detection Strategies
- Audit Incus daemon logs for instance create and template rendering operations that resolve to paths outside the instance rootfs
- Inspect image metadata before import using tar -tf and review templates/ directories and metadata.yaml for traversal patterns
- Monitor process lineage where incusd spawns writes to sensitive system directories
Monitoring Recommendations
- Enable file integrity monitoring on /etc, /root/.ssh, /etc/systemd/system, and cron directories on hosts running Incus
- Forward Incus daemon audit logs to a centralized analytics platform and alert on template operations referencing paths outside expected image bundles
- Track membership changes to the incus and incus-admin groups
How to Mitigate CVE-2026-23954
Immediate Actions Required
- Restrict membership of the incus group to trusted administrators only and treat group members as privileged users on the host
- Disable launching of containers from untrusted custom images until patched releases are deployed
- Review existing image stores and remove any images with suspicious metadata.yaml template definitions
Patch Information
Fixed releases are planned in Incus 6.0.6 and 6.21.0 but had not been released at the time the advisory was published. Track the GitHub Security Advisory GHSA-7f67-crqm-jgh7 for release availability. An interim patch file (templates_arbitrary_write.patch) is published by the maintainers for operators who build Incus from source.
Workarounds
- Permit only signed or vendor-supplied images in image stores and block user-supplied custom images
- Run Incus inside a dedicated host with no sensitive data and isolate the host on a management VLAN to limit blast radius
- Apply mandatory access control profiles (AppArmor or SELinux) to the incusd process to restrict write access to non-container directories
# Configuration example: remove untrusted users from the incus group
sudo gpasswd -d <username> incus
sudo gpasswd -d <username> incus-admin
# Audit installed images for suspicious template paths
for img in $(incus image list -f csv -c f); do
incus image export "$img" /tmp/img_inspect
tar -xOf /tmp/img_inspect.tar.xz metadata.yaml 2>/dev/null | grep -E '(\.\./|^/)'
done
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

