{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/incus--7.2.0/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["incus (\u003c 7.2.0)"],"_cs_severities":["critical"],"_cs_tags":["container-escape","privilege-escalation","vulnerability-exploitation","linux"],"_cs_type":"advisory","_cs_vendors":["LXC"],"content_html":"\u003cp\u003eA critical vulnerability, tracked as CVE-2026-48749, has been identified in Incus, a container and VM management system developed by LXC. This flaw enables a malicious actor to achieve arbitrary file read and write capabilities on the host system with root privileges, potentially escalating to full command execution. The vulnerability arises from Incus's handling of specially crafted container images, specifically when a duplicate top-level \u003ccode\u003erootfs\u003c/code\u003e symlink is present. While Incus initially validates \u003ccode\u003emetadata.yaml\u003c/code\u003e and a normal \u003ccode\u003erootfs/\u003c/code\u003e entry, it subsequently processes a symlink like \u003ccode\u003erootfs -\u0026gt; /\u003c/code\u003e, allowing a container's root filesystem to be mapped directly to the host's root. This bypasses container isolation, granting the attacker unauthorized access to the host's underlying filesystem and sensitive files such as \u003ccode\u003e/etc/shadow\u003c/code\u003e, affecting Incus versions prior to 7.2.0.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious Incus image package (\u003ccode\u003e.tar\u003c/code\u003e file) that initially contains a valid \u003ccode\u003emetadata.yaml\u003c/code\u003e and an empty \u003ccode\u003erootfs/\u003c/code\u003e directory.\u003c/li\u003e\n\u003cli\u003eThe attacker then manipulates the \u003ccode\u003e.tar\u003c/code\u003e archive by removing the legitimate \u003ccode\u003erootfs/\u003c/code\u003e directory.\u003c/li\u003e\n\u003cli\u003eA symbolic link named \u003ccode\u003erootfs\u003c/code\u003e pointing to \u003ccode\u003e/\u003c/code\u003e (the host's root directory) is injected into the archive at the top level.\u003c/li\u003e\n\u003cli\u003eThe malicious image (\u003ccode\u003eafrw-rootfs-symlink.tar\u003c/code\u003e) is imported into a vulnerable Incus instance using \u003ccode\u003eincus image import\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eA new container is initialized from this malicious image using \u003ccode\u003eincus init afrw-rootfs-symlink afrw-rootfs-symlink\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker uses \u003ccode\u003eincus file pull\u003c/code\u003e commands, targeting paths like \u003ccode\u003e/etc/shadow\u003c/code\u003e from within the created container, to read arbitrary files from the host filesystem.\u003c/li\u003e\n\u003cli\u003eThe attacker uses \u003ccode\u003eincus file push\u003c/code\u003e commands to write or create arbitrary files on the host filesystem.\u003c/li\u003e\n\u003cli\u003eSuccessful arbitrary file read/write with root privileges can lead to host compromise, including privilege escalation or arbitrary command execution.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-48749 leads to arbitrary file read and write on the host system with root privileges. This means an attacker can access any file on the host, including sensitive system configuration files (e.g., \u003ccode\u003e/etc/shadow\u003c/code\u003e for password hashes) or application data. Furthermore, the ability to write arbitrary files allows for planting malicious executables, modifying critical system configurations, or establishing persistence mechanisms. Ultimately, this can lead to full host compromise, enabling arbitrary command execution, data exfiltration, system defacement, or further lateral movement within the compromised environment. The vulnerability impacts organizations utilizing Incus for containerization and could lead to significant data breaches or operational disruption.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrioritize patching all Incus instances to version 7.2.0 or later immediately to remediate CVE-2026-48749.\u003c/li\u003e\n\u003cli\u003eReview Incus image origins and implement strict controls to prevent the import of untrusted or malicious container images.\u003c/li\u003e\n\u003cli\u003eMonitor Incus server logs for unusual image import attempts or unexpected file operations performed via \u003ccode\u003eincus file\u003c/code\u003e commands originating from newly provisioned containers.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T10:40:37Z","date_published":"2026-07-03T10:40:37Z","id":"https://feed.craftedsignal.io/briefs/2026-07-incus-arbitrary-file-afrw/","summary":"A critical vulnerability, CVE-2026-48749, in Incus allows an attacker to achieve arbitrary file read and write on the host filesystem with root privileges by crafting a malicious container image containing a symlink, bypassing validation, and potentially leading to arbitrary command execution.","title":"Incus Container Escape via Arbitrary File Read/Write (CVE-2026-48749)","url":"https://feed.craftedsignal.io/briefs/2026-07-incus-arbitrary-file-afrw/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Incus (\u003c 7.2.0)"],"_cs_severities":["critical"],"_cs_tags":["container-security","linux","privilege-escalation","rce","incus"],"_cs_type":"advisory","_cs_vendors":["LXC"],"content_html":"\u003cp\u003eA critical vulnerability (CVE-2026-48751) has been identified in Incus, affecting all versions prior to 7.2.0. This flaw allows a malicious actor to achieve arbitrary command execution with root privileges on the Incus server. The vulnerability stems from instance snapshots ignoring the \u003ccode\u003erestricted.containers.lowlevel=block\u003c/code\u003e setting. Attackers can craft a malicious Incus instance locally, integrate a snapshot configured to abuse low-level hooks like \u003ccode\u003eraw.lxc\u003c/code\u003e or \u003ccode\u003eraw.qemu\u003c/code\u003e, and then transfer this instance to a restricted project. When the malicious snapshot is restored within the restricted environment, the embedded commands are executed on the host, bypassing intended security controls. This allows for complete compromise of the Incus host, enabling persistent access, data exfiltration, or further lateral movement within the network.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Setup (Attacker)\u003c/strong\u003e: The attacker creates a local Incus instance (e.g., \u003ccode\u003eimages:debian/trixie\u003c/code\u003e) in an unrestricted project on their own system.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMalicious Hook Injection\u003c/strong\u003e: The attacker injects a malicious low-level hook into the local Incus instance's configuration, specifically using \u003ccode\u003eraw.lxc\u003c/code\u003e or \u003ccode\u003eraw.qemu\u003c/code\u003e. For example, \u003ccode\u003eincus config set rce-raw-lxc raw.lxc='lxc.hook.pre-start = /bin/sh -c \u0026quot;/bin/id \u0026gt;/lxc-hook-prestart\u0026quot;'\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSnapshot Creation\u003c/strong\u003e: A snapshot of the now-malicious local instance is created (e.g., \u003ccode\u003eincus snapshot create rce-raw-lxc snap0\u003c/code\u003e). This snapshot captures the injected malicious hook.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHook Removal (Optional but Recommended)\u003c/strong\u003e: The attacker removes the \u003ccode\u003eraw.lxc\u003c/code\u003e configuration from the local instance to allow for transfer to the restricted project without immediate detection or conflict.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eInstance Transfer\u003c/strong\u003e: The malicious instance with its snapshot is moved from the attacker's local, unrestricted environment to a remote Incus server's restricted project (e.g., \u003ccode\u003eincus move rce-raw-lxc rem: --mode push\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSnapshot Restoration\u003c/strong\u003e: The attacker restores the malicious snapshot within the restricted project on the remote Incus server (e.g., \u003ccode\u003eincus snapshot restore rem:rce-raw-lxc snap0\u003c/code\u003e). Despite \u003ccode\u003erestricted.containers.lowlevel=block\u003c/code\u003e being active on the remote project, the snapshot restoration process bypasses this control.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCommand Execution\u003c/strong\u003e: Upon starting the instance from the restored snapshot (e.g., \u003ccode\u003eincus start rem:rce-raw-lxc\u003c/code\u003e), the pre-start hook embedded in the snapshot executes the arbitrary command (e.g., \u003ccode\u003e/bin/id\u003c/code\u003e) on the Incus host with root privileges.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-48751 leads to a complete bypass of Incus project restrictions, specifically the \u003ccode\u003erestricted.containers.lowlevel=block\u003c/code\u003e setting designed to prevent such abuses. This directly results in arbitrary command execution on the underlying Incus server, granting an attacker root privileges. Such compromise allows for full control over the host system, potentially enabling further network infiltration, data exfiltration, service disruption, or the deployment of additional malicious payloads. While specific victim counts are not available, all Incus instances running vulnerable versions prior to 7.2.0 are at risk, particularly those hosting untrusted containers or users in restricted projects.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately patch Incus instances to version 7.2.0 or later to remediate CVE-2026-48751.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to detect attempts to configure low-level Incus hooks, which indicates potential exploitation of CVE-2026-48751.\u003c/li\u003e\n\u003cli\u003eEnable comprehensive \u003ccode\u003eprocess_creation\u003c/code\u003e logging for Linux systems to capture \u003ccode\u003eincus\u003c/code\u003e command executions and the execution of arbitrary commands.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T10:38:26Z","date_published":"2026-07-03T10:38:26Z","id":"https://feed.craftedsignal.io/briefs/2026-07-incus-rce-restricted-project-bypass/","summary":"A critical vulnerability, CVE-2026-48751, in Incus versions prior to 7.2.0, allows an attacker to bypass restricted project settings via malicious instance snapshots, enabling arbitrary command execution with root privileges on the Incus server by abusing low-level hooks.","title":"Incus Restricted Project Bypass Leading to Arbitrary Command Execution (CVE-2026-48751)","url":"https://feed.craftedsignal.io/briefs/2026-07-incus-rce-restricted-project-bypass/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Incus (\u003c 7.2.0)"],"_cs_severities":["critical"],"_cs_tags":["arbitrary-file-write","path-traversal","rce","incus","linux","cve"],"_cs_type":"advisory","_cs_vendors":["lxc"],"content_html":"\u003cp\u003eA critical arbitrary file write vulnerability, tracked as CVE-2026-48769, affects the Incus client daemon (\u003ccode\u003eincusd\u003c/code\u003e) versions prior to 7.2.0. This flaw stems from improper validation of the \u003ccode\u003eIncus-Image-Hash\u003c/code\u003e HTTP header when \u003ccode\u003eincusd\u003c/code\u003e imports an image from a remote URL. A malicious Incus image server can craft this header to include path traversal sequences (e.g., \u003ccode\u003e../../../../etc/cron.d/\u003c/code\u003e), tricking \u003ccode\u003eincusd\u003c/code\u003e into writing an arbitrary file to a sensitive location on the host system with root privileges. By leveraging this to create a cron job (e.g., \u003ccode\u003e/etc/cron.d/incus-direct-image-url-rce\u003c/code\u003e), an attacker can achieve arbitrary command execution as root, leading to full system compromise and privilege escalation. This vulnerability poses a significant risk to Incus environments where image imports from untrusted sources are permitted.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker sets up a malicious Incus image server controlled by them.\u003c/li\u003e\n\u003cli\u003eThe victim's Incus server (\u003ccode\u003eincusd\u003c/code\u003e daemon) is instructed to import an image using a user-supplied URL pointing to the attacker-controlled server (e.g., via \u003ccode\u003eincus image import \u0026lt;malicious_URL\u0026gt;\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eincusd\u003c/code\u003e initiates a HEAD request to the attacker's server to retrieve image metadata.\u003c/li\u003e\n\u003cli\u003eThe malicious server responds with a crafted \u003ccode\u003eIncus-Image-Hash\u003c/code\u003e HTTP header containing a path traversal sequence (e.g., \u003ccode\u003e../../../../etc/cron.d/incus-direct-image-url-rce\u003c/code\u003e) and an \u003ccode\u003eIncus-Image-URL\u003c/code\u003e header pointing to the malicious payload.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eincusd\u003c/code\u003e processes these headers, and its \u003ccode\u003eimageDownload()\u003c/code\u003e function constructs a file path by combining \u003ccode\u003e/var/lib/incus/images/\u003c/code\u003e with the attacker-supplied hash. Due to the path traversal, this resolves to a sensitive system path, such as \u003ccode\u003e/etc/cron.d/incus-direct-image-url-rce\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eincusd\u003c/code\u003e invokes \u003ccode\u003eos.Create()\u003c/code\u003e on this crafted path, creating the arbitrary file \u003ccode\u003e/etc/cron.d/incus-direct-image-url-rce\u003c/code\u003e with root privileges.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eincusd\u003c/code\u003e then makes a GET request to the \u003ccode\u003eIncus-Image-URL\u003c/code\u003e provided by the attacker and writes the malicious content (e.g., a cron job command \u003ccode\u003e* * * * * root /bin/sh -c \u0026quot;id \u0026gt; /tmp/incus-direct-image-url-rce\u0026quot;\u003c/code\u003e) into the newly created file.\u003c/li\u003e\n\u003cli\u003eThe host system's cron daemon subsequently executes the newly installed cron job, resulting in arbitrary command execution as root, enabling the attacker to gain full control over the Incus server.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-48769 allows an attacker to achieve an arbitrary file write on the Incus host system with root privileges. This directly leads to arbitrary command execution by writing malicious cron jobs or other configuration files, effectively compromising the entire server. This includes potential for data exfiltration, further lateral movement, or installation of persistent backdoors. Systems running Incus versions prior to 7.2.0 that import images from untrusted sources are at severe risk of compromise. While no specific victim counts are detailed, any organization utilizing vulnerable Incus deployments is susceptible.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-48769 immediately by upgrading Incus to version 7.2.0 or later on all affected Linux servers.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule in this brief to your SIEM to detect suspicious file creations by the \u003ccode\u003eincusd\u003c/code\u003e process in sensitive system directories.\u003c/li\u003e\n\u003cli\u003eImplement strict controls over which Incus image servers are trusted and limit the ability of non-administrative users to import images from arbitrary URLs.\u003c/li\u003e\n\u003cli\u003eEnable comprehensive file system logging (e.g., auditd for Linux) to detect unexpected file creations or modifications in sensitive directories like \u003ccode\u003e/etc/cron.d/\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T10:34:05Z","date_published":"2026-07-03T10:34:05Z","id":"https://feed.craftedsignal.io/briefs/2026-07-incus-arbitrary-file-write/","summary":"A critical arbitrary file write vulnerability (CVE-2026-48769) exists in the Incus client daemon (`incusd`) when processing images from a malicious server, allowing an attacker to inject path traversal into the `Incus-Image-Hash` header to create arbitrary files in sensitive locations as root, ultimately leading to arbitrary command execution.","title":"Incus Client Arbitrary File Write via Malicious Image Hash (CVE-2026-48769)","url":"https://feed.craftedsignal.io/briefs/2026-07-incus-arbitrary-file-write/"}],"language":"en","title":"CraftedSignal Threat Feed - Incus (\u003c 7.2.0)","version":"https://jsonfeed.org/version/1.1"}