CVE-2026-23954

Name	CVE-2026-23954
Description	Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the ‘incus’ group) to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file read, and host arbitrary file write. This ultimately results in arbitrary command execution on the host. When using an image with a metadata.yaml containing templates, both the source and target paths are not checked for symbolic links or directory traversal. This can also be exploited in IncusOS. A fix is planned for versions 6.0.6 and 6.21.0, but they have not been released at the time of publication.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
incus (PTS)	trixie	6.0.4-2+deb13u3	vulnerable
	trixie (security)	6.0.4-2+deb13u2	vulnerable
	forky, sid	6.0.5-7	vulnerable
lxd (PTS)	bookworm, bookworm (security)	5.0.2-5+deb12u2	vulnerable
	trixie	5.0.2+git20231211.1364ae4-9+deb13u2	vulnerable
	trixie (security)	5.0.2+git20231211.1364ae4-9+deb13u1	vulnerable

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
incus	source	(unstable)	(unfixed)
lxd	source	(unstable)	(unfixed)

https://github.com/lxc/incus/security/advisories/GHSA-7f67-crqm-jgh7