Every CVE whose affected-product data names Linuxcontainers Incus, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2026-33945 — CVSS 9.9 (critical): Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For…
CVE-2026-33897 — CVSS 9.9 (critical): Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary…
CVE-2026-33898 — CVSS 8.8 (high): Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by `incus webui` incorrectly…
CVE-2026-23953 — CVSS 8.7 (high): Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a…
CVE-2026-23954 — CVSS 8.7 (high): Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with…
CVE-2025-64507 — CVSS 7.8 (high): Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an…
CVE-2026-33711 — CVSS 7.8 (high): Incus is a system container and virtual machine manager. Incus provides an API to retrieve VM screenshots. That API relies on the use of a…
CVE-2026-41647 — CVSS 6.5 (medium): Incus is a system container and virtual machine manager. Prior to version 7.0.0, a missing error handling could lead an authenticated Incus…
CVE-2026-41684 — CVSS 6.5 (medium): Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo() trusts the inline backup/index.yaml…
CVE-2026-33743 — CVSS 6.5 (medium): Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by…
CVE-2026-40195 — CVSS 6.5 (medium): Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import…
CVE-2026-40197 — CVSS 6.5 (medium): Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import…
CVE-2026-40251 — CVSS 6.5 (medium): Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import…
CVE-2026-35527 — CVSS 5.0 (medium): Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD…
CVE-2026-41648 — CVSS 5.0 (medium): Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked…
CVE-2026-33542 — CVSS 4.8 (medium): Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when…
CVE-2026-40243 — CVSS 4.8 (medium): Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database…
CVE-2026-41685 — CVSS 4.3 (medium): Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can…