Product
Incus Container Escape via Arbitrary File Read/Write (CVE-2026-48749)
1 TTPA critical vulnerability, CVE-2026-48749, in Incus allows an attacker to achieve arbitrary file read and write on the host filesystem with root privileges by crafting a malicious container image containing a symlink, bypassing validation, and potentially leading to arbitrary command execution.
Incus Restricted Project Bypass Leading to Arbitrary Command Execution (CVE-2026-48751)
1 rule 2 TTPsA critical vulnerability, CVE-2026-48751, in Incus versions prior to 7.2.0, allows an attacker to bypass restricted project settings via malicious instance snapshots, enabling arbitrary command execution with root privileges on the Incus server by abusing low-level hooks.
Incus Client Arbitrary File Write via Malicious Image Hash (CVE-2026-48769)
1 rule 3 TTPs 1 IOCA critical arbitrary file write vulnerability (CVE-2026-48769) exists in the Incus client daemon (`incusd`) when processing images from a malicious server, allowing an attacker to inject path traversal into the `Incus-Image-Hash` header to create arbitrary files in sensitive locations as root, ultimately leading to arbitrary command execution.