Vendor
Incus Container Escape via Arbitrary File Read/Write (CVE-2026-48749)
1 TTPA critical vulnerability, CVE-2026-48749, in Incus allows an attacker to achieve arbitrary file read and write on the host filesystem with root privileges by crafting a malicious container image containing a symlink, bypassing validation, and potentially leading to arbitrary command execution.
Incus Restricted Project Bypass Leading to Arbitrary Command Execution (CVE-2026-48751)
1 rule 2 TTPsA critical vulnerability, CVE-2026-48751, in Incus versions prior to 7.2.0, allows an attacker to bypass restricted project settings via malicious instance snapshots, enabling arbitrary command execution with root privileges on the Incus server by abusing low-level hooks.
Incus Argument Injection Vulnerability Leads to Arbitrary File Write and Command Execution
2 rules 5 TTPs 2 IOCsAn argument injection vulnerability (CVE-2026-48755) exists in Incus due to improper validation of the user-provided backup compression algorithm, allowing an authenticated attacker to inject arbitrary arguments into the command line, leading to an arbitrary file write on the host and subsequent arbitrary command execution.
Incus Client Arbitrary File Write via Malicious Image Hash (CVE-2026-48769)
1 rule 3 TTPs 1 IOCA critical arbitrary file write vulnerability (CVE-2026-48769) exists in the Incus client daemon (`incusd`) when processing images from a malicious server, allowing an attacker to inject path traversal into the `Incus-Image-Hash` header to create arbitrary files in sensitive locations as root, ultimately leading to arbitrary command execution.