github.com/lxc/incus/v7 (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/lxc/incus/v7, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2026-40195 — CVSS 6.5 (medium): Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import…
CVE-2026-40197 — CVSS 6.5 (medium): Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import…
CVE-2026-40251 — CVSS 6.5 (medium): Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import…
CVE-2026-35527 — CVSS 5.0 (medium): Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD…
CVE-2026-40243 — CVSS 4.8 (medium): Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database…