{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-33897/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["incus","template-injection","privilege-escalation","CVE-2026-33897","linux"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eIncus, a system container and virtual machine manager, is vulnerable to arbitrary read and write access as root due to a flaw in its instance template handling. Prior to version 6.23.0, the application lacks proper chroot isolation when processing pongo2 templates. These templates, intended for file templating within instances during their lifecycle, bypass the expected chroot, granting access to the entire host filesystem with root privileges. This vulnerability, identified as CVE-2026-33897…\u003c/p\u003e\n","date_modified":"2026-03-26T23:16:20Z","date_published":"2026-03-26T23:16:20Z","id":"/briefs/2024-01-incus-template-vuln/","summary":"A vulnerability in Incus versions prior to 6.23.0 allows for arbitrary read and write access as root on the host server by exploiting a missing chroot isolation in the pongo2 template engine.","title":"Incus Instance Template Vulnerability CVE-2026-33897","url":"https://feed.craftedsignal.io/briefs/2024-01-incus-template-vuln/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2026-33897","version":"https://jsonfeed.org/version/1.1"}