<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>CVE-2026-33897 — CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/cve-2026-33897/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata — refreshed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Thu, 26 Mar 2026 23:16:20 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/cve-2026-33897/feed.xml" rel="self" type="application/rss+xml"/><item><title>Incus Instance Template Vulnerability CVE-2026-33897</title><link>https://feed.craftedsignal.io/briefs/2024-01-incus-template-vuln/</link><pubDate>Thu, 26 Mar 2026 23:16:20 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-incus-template-vuln/</guid><description>A vulnerability in Incus versions prior to 6.23.0 allows arbitrary read and write access as root on the host server by exploiting missing chroot isolation in the pongo2 template engine.</description><content:encoded>&lt;p>Incus, a system container and virtual machine manager, is vulnerable to arbitrary read and write access as root due to a flaw in its instance template handling. Prior to version 6.23.0, the application lacks proper chroot isolation when processing pongo2 templates. These templates, intended for file templating within instances during their lifecycle, bypass the expected chroot, granting access to the entire host filesystem with root privileges. This vulnerability, identified as CVE-2026-33897…&lt;/p>
</content:encoded><category domain="severity">critical</category><category domain="type">advisory</category><category>incus</category><category>template-injection</category><category>privilege-escalation</category><category>CVE-2026-33897</category><category>linux</category></item></channel></rss>