github.com/lxc/incus/v6/cmd/incusd (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/lxc/incus/v6/cmd/incusd, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (10)
CVE-2026-23954 — CVSS 8.7 (high): Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with…
CVE-2026-40195 — CVSS 6.5 (medium): Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import…
CVE-2026-40197 — CVSS 6.5 (medium): Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import…
CVE-2026-40251 — CVSS 6.5 (medium): Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import…
CVE-2026-41647 — CVSS 6.5 (medium): Incus is a system container and virtual machine manager. Prior to version 7.0.0, a missing error handling could lead an authenticated Incus…
CVE-2026-41684 — CVSS 6.5 (medium): Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo() trusts the inline backup/index.yaml…
CVE-2026-41648 — CVSS 5.0 (medium): Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked…
CVE-2026-35527 — CVSS 5.0 (medium): Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD…
CVE-2026-40243 — CVSS 4.8 (medium): Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database…
CVE-2026-41685 — CVSS 4.3 (medium): Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can…