
CVE-2026-33542: Incus Image Cache Poisoning Vulnerability

CVE-2026-33542 is an image cache poisoning flaw in Incus that allows attackers to inject malicious images via simplestreams servers. This post covers the technical details, affected versions, and mitigation steps.

CVE-2026-33542 Overview

CVE-2026-33542 is a certificate validation vulnerability (CWE-295) in Incus, a system container and virtual machine manager. Prior to version 6.23.0, the software fails to properly validate image fingerprints when downloading from simplestreams image servers. This validation gap creates an opportunity for image cache poisoning attacks and, under specific circumstances, could expose tenants to running attacker-controlled images instead of the expected trusted images.

Critical Impact

Multi-tenant environments running Incus versions prior to 6.23.0 may be vulnerable to image cache poisoning, potentially allowing attackers to substitute malicious container or VM images for legitimate ones.

Affected Products

  • Incus versions prior to 6.23.0
  • Incus deployments using simplestreams image servers
  • Multi-tenant Incus environments

Discovery Timeline

  • 2026-03-26 - CVE-2026-33542 published to NVD
  • 2026-03-26 - Last updated in NVD database

Technical Details for CVE-2026-33542

Vulnerability Analysis

The vulnerability resides in Incus's image download mechanism when interfacing with simplestreams image servers. Simplestreams is a protocol used to describe and distribute cloud images, commonly employed by container and virtualization platforms to retrieve system images. Incus failed to properly validate the cryptographic fingerprint of downloaded images against the expected fingerprint metadata, creating a trust gap in the image acquisition workflow.

In a properly secured implementation, the image fingerprint (typically a SHA-256 hash) serves as a cryptographic guarantee that the downloaded image matches exactly what was requested. Without this validation, an attacker positioned to manipulate network traffic or compromise an image server could substitute a malicious image while the client accepts it as legitimate.

Root Cause

The root cause is improper certificate/fingerprint validation (CWE-295) in the image download process. When Incus retrieves images from simplestreams servers, the fingerprint verification step was either missing or implemented incorrectly, allowing images with mismatched or absent fingerprints to be cached and potentially deployed to tenant workloads.
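The check the root-cause paragraph describes, written out as an added example rather than code from Incus or from this advisory: a client looks up the published sha256 for the requested item in a simplestreams-style products document, hashes the bytes it actually downloaded, and admits them to the cache only on an exact match. An item whose metadata carries no fingerprint at all is refused rather than waved through, which is the "absent fingerprint" case the text calls out. The products/versions/items layout, the product and item names, and the image payloads are all constructed for the example; Incus's real fingerprint (computed over metadata tarball plus rootfs) is not reproduced here.

```python
import hashlib
import json


class ImageVerificationError(Exception):
    """Raised when a downloaded image cannot be tied to a published fingerprint."""


# Constructed stand-ins for the files an image server would serve (not real images).
TRUSTED_ROOTFS = b"constructed trusted rootfs bytes"
TAMPERED_ROOTFS = b"constructed tampered rootfs bytes"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed simplestreams-style products document. The
# products -> versions -> items -> sha256 layout is assumed for this example
# and is not copied from a real Incus image server.
PRODUCTS_JSON = json.dumps({
    "format": "products:1.0",
    "products": {
        "example:ubuntu:24.04:amd64:default": {
            "versions": {
                "20260301": {
                    "items": {
                        "root.squashfs": {
                            "ftype": "squashfs",
                            "path": "images/ubuntu/24.04/root.squashfs",
                            "sha256": sha256_hex(TRUSTED_ROOTFS),
                        },
                        # This item deliberately has no "sha256": metadata that
                        # carries no fingerprint, which a client must reject.
                        "incus.tar.xz": {
                            "ftype": "incus.tar.xz",
                            "path": "images/ubuntu/24.04/incus.tar.xz",
                        },
                    }
                }
            }
        }
    },
})

PRODUCT = "example:ubuntu:24.04:amd64:default"
VERSION = "20260301"


def expected_fingerprint(products_json: str, product: str, version: str, item: str) -> str:
    """Return the published sha256 for one item, failing closed if it is absent or malformed."""
    products = json.loads(products_json)
    try:
        entry = products["products"][product]["versions"][version]["items"][item]
    except KeyError as exc:
        raise ImageVerificationError(f"no metadata for {product}/{version}/{item}") from exc
    fp = str(entry.get("sha256", "")).lower()
    if len(fp) != 64 or any(c not in "0123456789abcdef" for c in fp):
        raise ImageVerificationError(f"metadata for {item} carries no usable sha256 fingerprint")
    return fp


def verify_download(products_json: str, product: str, version: str, item: str, downloaded: bytes) -> str:
    """Hash the downloaded bytes and accept them only if they match the published fingerprint."""
    expected = expected_fingerprint(products_json, product, version, item)
    actual = sha256_hex(downloaded)
    if actual != expected:
        raise ImageVerificationError(
            f"fingerprint mismatch for {item}: expected {expected}, got {actual}")
    return actual


def try_cache(item: str, downloaded: bytes) -> tuple:
    """Simulate the cache-admission decision: (accepted, fingerprint or rejection reason)."""
    try:
        return True, verify_download(PRODUCTS_JSON, PRODUCT, VERSION, item, downloaded)
    except ImageVerificationError as exc:
        return False, str(exc)


if __name__ == "__main__":
    for item, payload in [("root.squashfs", TRUSTED_ROOTFS),
                          ("root.squashfs", TAMPERED_ROOTFS),
                          ("incus.tar.xz", TRUSTED_ROOTFS)]:
        accepted, info = try_cache(item, payload)
        print(f"{item}: {'cached' if accepted else 'REJECTED'} - {info}")
```

The design point is that the decision to cache is gated on a positive match against metadata the client already trusts; both a differing hash and a missing hash produce the same outcome (nothing enters the cache), so a server that simply omits the field gains nothing.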

Attack Vector

This vulnerability is exploitable over the network with high attack complexity. It requires low privileges and no user interaction. The attack scenario involves:

  1. Image Server Compromise: An attacker gains access to or impersonates a simplestreams image server
  2. Cache Poisoning: The attacker serves a malicious image with the same metadata but different content than the expected legitimate image
  3. Tenant Exposure: In multi-tenant environments, subsequent image requests may retrieve the poisoned cached image, causing tenants to unknowingly deploy attacker-controlled containers or VMs

The attack is particularly concerning in shared infrastructure scenarios where multiple tenants rely on a common image cache. For detailed technical information, see the GitHub Security Advisory.

Detection Methods for CVE-2026-33542

Indicators of Compromise

  • Unexpected changes in cached image fingerprints that don't match published metadata from trusted simplestreams sources
  • Container or VM images with checksums that differ from official Incus or LXC image repositories
  • Unusual network traffic patterns to unauthorized or unknown image servers
  • Log entries showing image downloads without corresponding fingerprint verification events

Detection Strategies

  • Monitor Incus image cache directories for unexpected modifications or new images
  • Implement network monitoring for connections to simplestreams endpoints and validate against an allowlist of trusted servers
  • Compare deployed image fingerprints against known-good hashes from official sources
  • Review Incus logs for image download activities, particularly those lacking fingerprint validation confirmation
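An added example, not from Incus or from this advisory, of the two comparisons the detection strategies above describe: checking each cached image's fingerprint against a baseline of known-good hashes, and checking its update source against an allowlist of trusted simplestreams servers. The cache listing records are constructed to resemble `incus image list --format json` output, but the field names used (`fingerprint`, `aliases`, `cached`, `update_source`) are an assumption for the example, as are the baseline hashes and server URLs; an image with no baseline record is reported too, so a manually imported image does not slip past the audit silently.

```python
import json

# Constructed records shaped loosely like `incus image list --format json`
# output. Only the fields used below are included, and their names are an
# assumption for this example rather than a guaranteed Incus schema.
CACHE_LISTING_JSON = json.dumps([
    {"fingerprint": "a" * 64, "aliases": [{"name": "ubuntu-2404"}], "cached": True,
     "update_source": {"server": "https://images.example.internal",
                       "protocol": "simplestreams", "alias": "ubuntu/24.04"}},
    {"fingerprint": "b" * 64, "aliases": [{"name": "debian-12"}], "cached": True,
     "update_source": {"server": "https://images.example.internal",
                       "protocol": "simplestreams", "alias": "debian/12"}},
    {"fingerprint": "c" * 64, "aliases": [{"name": "alpine-edge"}], "cached": True,
     "update_source": {"server": "https://mirror.unknown.example",
                       "protocol": "simplestreams", "alias": "alpine/edge"}},
    # A manually imported image with no update source and no baseline record.
    {"fingerprint": "e" * 64, "aliases": [], "cached": False},
])

# Constructed known-good fingerprints, as an operator would record them from
# the trusted server's published metadata at a known-good point in time.
KNOWN_GOOD = {
    "ubuntu/24.04": "a" * 64,
    "debian/12": "d" * 64,   # differs from the cached copy above
    "alpine/edge": "c" * 64,
}

# Constructed allowlist of simplestreams servers this host may pull from.
TRUSTED_SERVERS = {"https://images.example.internal"}


def _finding(fingerprint: str, aliases: list, kind: str, detail: str) -> dict:
    return {"fingerprint": fingerprint, "aliases": aliases, "kind": kind, "detail": detail}


def audit_image_cache(listing_json: str, known_good: dict, trusted_servers: set) -> list:
    """Return one finding per cache entry that deviates from the known-good baseline."""
    findings = []
    for img in json.loads(listing_json):
        fp = str(img.get("fingerprint", "")).lower()
        names = [a.get("name", "") for a in img.get("aliases", [])]
        src = img.get("update_source") or {}
        server, alias = src.get("server"), src.get("alias")

        # Source check: any update source outside the allowlist is suspicious
        # regardless of what the image contents hash to.
        if server and server not in trusted_servers:
            findings.append(_finding(fp, names, "untrusted_source",
                                     f"update source {server} is not on the trusted list"))

        # Fingerprint check: compare against the recorded baseline for the alias.
        expected = known_good.get(alias) if alias else None
        if expected is None:
            findings.append(_finding(fp, names, "no_known_good",
                                     "no baseline fingerprint recorded for this image"))
        elif expected.lower() != fp:
            findings.append(_finding(fp, names, "fingerprint_mismatch",
                                     f"expected {expected}, cached {fp}"))
    return findings


if __name__ == "__main__":
    for f in audit_image_cache(CACHE_LISTING_JSON, KNOWN_GOOD, TRUSTED_SERVERS):
        print(f"[{f['kind']}] {f['fingerprint'][:12]} {f['aliases']}: {f['detail']}")
```

Run against a real host, the listing would come from `incus image list --format json` and the baseline from hashes captured from the trusted server before any suspected exposure; a `fingerprint_mismatch` on an image whose source is trusted is the case worth escalating, since it is exactly what a poisoned cache looks like from the outside.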

Monitoring Recommendations

  • Enable verbose logging for Incus image operations to capture fingerprint validation events
  • Deploy file integrity monitoring on Incus image cache storage locations
  • Implement alerting for any image downloads from simplestreams servers that are not on the allowlist
  • Regularly audit running containers and VMs against expected image fingerprints

How to Mitigate CVE-2026-33542

Immediate Actions Required

  • Upgrade Incus to version 6.23.0 or later immediately
  • Audit existing image caches for potentially compromised images by verifying fingerprints against trusted sources
  • Review and restrict network access to known, trusted simplestreams image servers
  • Consider purging and re-downloading images from trusted sources after upgrading

Patch Information

The vulnerability is addressed in Incus version 6.23.0. This release implements proper fingerprint validation for images downloaded from simplestreams servers. Organizations should upgrade to this version or later to ensure image integrity verification is enforced. Additional details are available in the GitHub Security Advisory.

Workarounds

  • Restrict network access so Incus can only reach explicitly trusted simplestreams image servers
  • Manually verify image fingerprints after download by comparing against published hashes from official sources
  • Use local image mirrors with pre-verified images instead of directly fetching from remote simplestreams servers
  • Implement network segmentation to isolate Incus infrastructure from untrusted networks

```bash
# Verify Incus version and upgrade if needed
incus version

# Check current cached images and their fingerprints
incus image list

# Remove potentially compromised cached images
incus image delete <image-fingerprint>

# Re-download images from trusted sources after upgrade
incus image copy images:ubuntu/24.04 local: --alias ubuntu-2404
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
