Vendor
critical
advisory
Critical Incus Vulnerability (CVE-2026-48752) Allows Host Arbitrary File Read/Write Leading to RCE
1 rule 6 TTPsA critical vulnerability, CVE-2026-48752, in Incus versions prior to 7.2.0 allows an unauthenticated attacker to achieve arbitrary file read and write on the host system via specially crafted container images or instance backups containing unsanitized symlinks, potentially leading to arbitrary command execution as root.
incusd
vulnerability
rce
symlink
linux
incus
container
1r
6t
critical
advisory
Incus S3 Multipart Upload Path Traversal Leading to RCE (CVE-2026-48753)
1 rule 3 TTPsThe Incus `incusd` daemon, specifically its S3 protocol multipart upload endpoint in versions prior to 7.1.0, is vulnerable to CVE-2026-48753, a critical path traversal flaw via the `uploadId` parameter, enabling unauthenticated attackers to write arbitrary files to any location on the host system, which can be leveraged for persistent arbitrary command execution.
incusd < 7.1.0
path-traversal
rce
incus
s3
linux
vulnerability
1r
3t