Security: lxc/incus
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Project restriction bypass for custom volume copy across projectsGHSA-64f3-v33m-w89f published
Jun 25, 2026 by stgraberHigh -
Project restriction bypass in instance copy across projectsGHSA-c9f5-j9c3-mhrg published
Jun 25, 2026 by stgraberHigh -
Arbitrary file write on client due to trusted image hashGHSA-f6m5-xw2g-xc4x published
Jun 25, 2026 by stgraberCritical -
Argument injection in backup compression algorithm leading to AFW and ACEGHSA-v6mj-8pf4-hhw4 published
Jun 25, 2026 by stgraberCritical -
Arbitrary file read+write on host via rootfs/ symlink in malicious imageGHSA-2q3f-q5pq-g8wv published
Jun 25, 2026 by stgraberCritical -
Arbitrary file read+write on host via templates/ symlink in malicious imageGHSA-vxp5-584q-c479 published
Jun 25, 2026 by stgraberCritical -
Arbitrary file write on host via `exec-output` symlink in crafted imageGHSA-73hr-m85f-64v9 published
Jun 25, 2026 by stgraberCritical -
Arbitrary file write via path traversal in S3 multipart uploadGHSA-ccjc-4qc3-jxqc published
May 28, 2026 by stgraberCritical -
Restricted project bypass leading to arbitrary command executionGHSA-48q5-w887-33wv published
Jun 25, 2026 by stgraberCritical -
Nil-pointer dereference in createDependentVolumesFromBackupGHSA-4xg6-52mh-fpw8 published
May 28, 2026 by stgraberLow