CVE-2026-35527 Overview
CVE-2026-35527 is a Server-Side Request Forgery (SSRF) vulnerability [CWE-918] in Incus, an open source container and virtual machine manager maintained by the Linux Containers project. The flaw exists in versions prior to 7.0.0. The image import flow issues an outbound HEAD request to a user-supplied URL before validating the request against project restrictions such as restricted.images.servers. An authenticated user can coerce the Incus daemon into making blind HEAD requests to arbitrary destinations, including internal services and cloud metadata endpoints. The issue is fixed in Incus 7.0.0.
Critical Impact
Authenticated users can abuse the Incus daemon as an SSRF proxy to probe internal networks and leak host metadata through outbound HEAD requests.
Affected Products
- Linux Containers Incus versions prior to 7.0.0
- Incus deployments exposing image import APIs to authenticated users
- Multi-tenant Incus environments relying on restricted.images.servers policy enforcement
Discovery Timeline
- 2026-05-05 - CVE-2026-35527 published to NVD
- 2026-05-07 - Last updated in NVD database
Technical Details for CVE-2026-35527
Vulnerability Analysis
The vulnerability resides in the imgPostURLInfo function within cmd/incusd/images.go. When a user submits an image import request referencing a remote URL, the daemon constructs and dispatches an outbound HEAD request to resolve image metadata. This network interaction occurs before policy enforcement checks reject the import based on project restrictions.
While the eventual image download is blocked by the restricted.images.servers policy, the HEAD probe still reaches the attacker-controlled host. This produces a blind SSRF primitive usable by any authenticated user with permission to invoke the image import endpoint.
The outbound request also embeds custom headers, including Incus-Server-Architectures and Incus-Server-Version. These headers disclose host environment metadata to the attacker-controlled endpoint, providing reconnaissance value beyond the SSRF itself. The pattern mirrors CVE-2026-24767, indicating a recurring class of pre-validation network calls in the image subsystem.
Root Cause
The root cause is improper ordering of security controls. The daemon performs a network operation against an attacker-controlled URL before applying project-level allowlist enforcement. Validation logic runs after the HEAD request completes, so the policy check cannot prevent the outbound traffic.
Attack Vector
An authenticated user submits an image import request with a source URL pointing to an internal service, link-local cloud metadata endpoint such as 169.254.169.254, or any other host reachable from the Incus daemon. The daemon issues a HEAD request to that destination. The attacker observes the request server-side, harvesting timing data, header values, and response behavior. The import is later rejected, but the SSRF has already executed.
No verified public proof-of-concept code is available. See the GitHub Security Advisory GHSA-8gw4-p4wq-4hcv for vendor technical details.
Detection Methods for CVE-2026-35527
Indicators of Compromise
- Outbound HEAD requests from Incus daemon hosts to internal IP ranges, RFC1918 space, or 169.254.169.254
- HTTP requests originating from Incus hosts containing the Incus-Server-Architectures or Incus-Server-Version headers to unexpected destinations
- Image import API calls with source.server URLs that subsequently fail policy validation
Detection Strategies
- Inspect Incus daemon access logs for image import requests where the source URL targets non-allowlisted servers
- Correlate authenticated API calls to /1.0/images with outbound network connections from the daemon process
- Alert on repeated failed image imports from the same user identity, which may indicate SSRF probing
Monitoring Recommendations
- Forward Incus audit logs and host network telemetry to a centralized analytics platform for correlation
- Monitor egress traffic from container hosts to cloud metadata services and internal management interfaces
- Track per-user rates of image import attempts to detect enumeration behavior
How to Mitigate CVE-2026-35527
Immediate Actions Required
- Upgrade Incus to version 7.0.0 or later, which moves policy enforcement before the outbound HEAD request
- Audit existing project configurations and confirm restricted.images.servers is set on all multi-tenant projects
- Review authenticated user access and remove image import privileges from accounts that do not require them
Patch Information
The vendor fixed this vulnerability in Incus 7.0.0. Refer to the GitHub Security Advisory GHSA-8gw4-p4wq-4hcv and the Incus source repository for the patched code paths.
Workarounds
- Apply egress firewall rules on Incus hosts to block daemon connections to RFC1918 ranges, link-local addresses, and cloud metadata endpoints
- Restrict image import API access to trusted administrative identities until the upgrade is complete
- Place Incus daemons in network segments that cannot reach sensitive internal services or instance metadata services
# Example: block daemon egress to cloud metadata and link-local addresses
iptables -I OUTPUT -m owner --uid-owner incus -d 169.254.169.254 -j REJECT
iptables -I OUTPUT -m owner --uid-owner incus -d 169.254.0.0/16 -j REJECT
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
