Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-35527

CVE-2026-35527: Linuxcontainers Incus SSRF Vulnerability

CVE-2026-35527 is an SSRF vulnerability in Linuxcontainers Incus that allows authenticated users to trigger blind HEAD requests to arbitrary destinations. This article covers technical details, affected versions, and mitigation.

Published:

CVE-2026-35527 Overview

CVE-2026-35527 is a Server-Side Request Forgery (SSRF) vulnerability [CWE-918] in Incus, an open source container and virtual machine manager maintained by the Linux Containers project. The flaw exists in versions prior to 7.0.0. The image import flow issues an outbound HEAD request to a user-supplied URL before validating the request against project restrictions such as restricted.images.servers. An authenticated user can coerce the Incus daemon into making blind HEAD requests to arbitrary destinations, including internal services and cloud metadata endpoints. The issue is fixed in Incus 7.0.0.

Critical Impact

Authenticated users can abuse the Incus daemon as an SSRF proxy to probe internal networks and leak host metadata through outbound HEAD requests.

Affected Products

  • Linux Containers Incus versions prior to 7.0.0
  • Incus deployments exposing image import APIs to authenticated users
  • Multi-tenant Incus environments relying on restricted.images.servers policy enforcement

Discovery Timeline

  • 2026-05-05 - CVE-2026-35527 published to NVD
  • 2026-05-07 - Last updated in NVD database

Technical Details for CVE-2026-35527

Vulnerability Analysis

The vulnerability resides in the imgPostURLInfo function within cmd/incusd/images.go. When a user submits an image import request referencing a remote URL, the daemon constructs and dispatches an outbound HEAD request to resolve image metadata. This network interaction occurs before policy enforcement checks reject the import based on project restrictions.

While the eventual image download is blocked by the restricted.images.servers policy, the HEAD probe still reaches the attacker-controlled host. This produces a blind SSRF primitive usable by any authenticated user with permission to invoke the image import endpoint.

The outbound request also embeds custom headers, including Incus-Server-Architectures and Incus-Server-Version. These headers disclose host environment metadata to the attacker-controlled endpoint, providing reconnaissance value beyond the SSRF itself. The pattern mirrors CVE-2026-24767, indicating a recurring class of pre-validation network calls in the image subsystem.

Root Cause

The root cause is improper ordering of security controls. The daemon performs a network operation against an attacker-controlled URL before applying project-level allowlist enforcement. Validation logic runs after the HEAD request completes, so the policy check cannot prevent the outbound traffic.

Attack Vector

An authenticated user submits an image import request with a source URL pointing to an internal service, link-local cloud metadata endpoint such as 169.254.169.254, or any other host reachable from the Incus daemon. The daemon issues a HEAD request to that destination. The attacker observes the request server-side, harvesting timing data, header values, and response behavior. The import is later rejected, but the SSRF has already executed.

No verified public proof-of-concept code is available. See the GitHub Security Advisory GHSA-8gw4-p4wq-4hcv for vendor technical details.

Detection Methods for CVE-2026-35527

Indicators of Compromise

  • Outbound HEAD requests from Incus daemon hosts to internal IP ranges, RFC1918 space, or 169.254.169.254
  • HTTP requests originating from Incus hosts containing the Incus-Server-Architectures or Incus-Server-Version headers to unexpected destinations
  • Image import API calls with source.server URLs that subsequently fail policy validation

Detection Strategies

  • Inspect Incus daemon access logs for image import requests where the source URL targets non-allowlisted servers
  • Correlate authenticated API calls to /1.0/images with outbound network connections from the daemon process
  • Alert on repeated failed image imports from the same user identity, which may indicate SSRF probing

Monitoring Recommendations

  • Forward Incus audit logs and host network telemetry to a centralized analytics platform for correlation
  • Monitor egress traffic from container hosts to cloud metadata services and internal management interfaces
  • Track per-user rates of image import attempts to detect enumeration behavior

How to Mitigate CVE-2026-35527

Immediate Actions Required

  • Upgrade Incus to version 7.0.0 or later, which moves policy enforcement before the outbound HEAD request
  • Audit existing project configurations and confirm restricted.images.servers is set on all multi-tenant projects
  • Review authenticated user access and remove image import privileges from accounts that do not require them

Patch Information

The vendor fixed this vulnerability in Incus 7.0.0. Refer to the GitHub Security Advisory GHSA-8gw4-p4wq-4hcv and the Incus source repository for the patched code paths.

Workarounds

  • Apply egress firewall rules on Incus hosts to block daemon connections to RFC1918 ranges, link-local addresses, and cloud metadata endpoints
  • Restrict image import API access to trusted administrative identities until the upgrade is complete
  • Place Incus daemons in network segments that cannot reach sensitive internal services or instance metadata services
bash
# Example: block daemon egress to cloud metadata and link-local addresses
iptables -I OUTPUT -m owner --uid-owner incus -d 169.254.169.254 -j REJECT
iptables -I OUTPUT -m owner --uid-owner incus -d 169.254.0.0/16 -j REJECT

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.