CVE-2026-35527
CVE-2026-35527 is a medium-severity vulnerability in Linuxcontainers Incus with a CVSS 3.x base score of 5.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-918.
Key facts
- Severity: Medium (CVSS 3.x base score 5.0)
- CVSS v4: 5.3
- EPSS exploit prediction: 0% (19th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2026-27490
- Weakness: CWE-918
- Affected product: Linuxcontainers Incus
- Published:
- Last modified:
Description
Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD request to a user-supplied URL before validating the request against project restrictions such as restricted.images.servers. The imgPostURLInfo function constructs and sends a HEAD request directly from the attacker-supplied source URL to resolve image metadata, and this network interaction occurs before the flow reaches the point where the import would be rejected by policy. Although the actual image download is blocked by the project restriction, an authenticated user can coerce the daemon into making blind HEAD requests to arbitrary destinations. These requests include server metadata in custom headers (Incus-Server-Architectures, Incus-Server-Version), which discloses information about the host environment to the attacker-controlled endpoint. This blind SSRF primitive can be used to probe internal services, unroutable address space, or cloud metadata endpoints reachable from the host. This vulnerability pattern is similar to CVE-2026-24767. This issue has been fixed in version 7.0.0.
Frequently asked questions
- What is CVE-2026-35527?
- Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD request to a user-supplied URL before validating the request against project restrictions such as restricted.images.servers. The imgPostURLInfo function constructs and sends a HEAD request directly from the attacker-supplied source URL to resolve image metadata, and this network interaction occurs before the flow reaches the point where the import would be rejected by policy. Although the actual image download is blocked by the project restriction, an authenticated user can coerce the daemon into making blind HEAD requests to arbitrary destinations. These requests include server metadata in custom headers (Incus-Server-Architectures, Incus-Server-Version), which discloses information about the host environment to the attacker-controlled endpoint. This blind SSRF primitive can be used to probe internal services, unroutable address space, or cloud metadata endpoints reachable from the host. This vulnerability pattern is similar to CVE-2026-24767. This issue has been fixed in version 7.0.0.
- How severe is CVE-2026-35527?
- CVE-2026-35527 has a CVSS 3.x base score of 5.0, rated medium severity. It is exploitable over network with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is low, integrity none, and availability none.
- Is CVE-2026-35527 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (19th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2026-35527?
- CVE-2026-35527 affects Linuxcontainers Incus. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2026-35527?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2026-35527 have an EU (EUVD) identifier?
- Yes. CVE-2026-35527 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-27490.
- When was CVE-2026-35527 published?
- CVE-2026-35527 was published on 2026-05-05 and last updated on 2026-06-17.
References
- https://github.com/lxc/incus/blob/v6.22.0/cmd/incusd/images.go
- https://github.com/lxc/incus/security/advisories/GHSA-8gw4-p4wq-4hcv
Affected products (1)
- cpe:2.3:a:linuxcontainers:incus:*:*:*:*:*:*:*:*
More vulnerabilities in Linuxcontainers Incus
- CVE-2026-33945 — Critical (CVSS 9.9): Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to…
- CVE-2026-33897 — Critical (CVSS 9.9): Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used…
- CVE-2026-33898 — High (CVSS 8.8): Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by `incus…
- CVE-2026-23954 — High (CVSS 8.7): Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to…
- CVE-2026-23953 — High (CVSS 8.7): Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to…
- CVE-2026-33711 — High (CVSS 7.8): Incus is a system container and virtual machine manager. Incus provides an API to retrieve VM screenshots. That API…
All CVEs affecting Linuxcontainers Incus →
Other CWE-918 (Server-Side Request Forgery (SSRF)) vulnerabilities
- CVE-2026-47938 — Critical (CVSS 10.0): Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF)…
- CVE-2026-35431 — Critical (CVSS 10.0): Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to…
- CVE-2026-32186 — Critical (CVSS 10.0): Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a…
- CVE-2026-33107 — Critical (CVSS 10.0): Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a…
- CVE-2026-32871 — Critical (CVSS 10.0): FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvider in FastMCP…
- CVE-2026-32169 — Critical (CVSS 10.0): Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a…
Browse all CWE-918 (Server-Side Request Forgery (SSRF)) vulnerabilities →