Product
A critical vulnerability, CVE-2026-48752, in Incus versions prior to 7.2.0 allows an unauthenticated attacker to achieve arbitrary file read and write on the host system via specially crafted container images or instance backups containing unsanitized symlinks, potentially leading to arbitrary command execution as root.