SB2026041601 - Debian update for incus


Published: April 16, 2026

Security Bulletin ID: SB2026041601
Severity: Low
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Low: 100%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Improper access control (CVE-ID: CVE-2026-34178)

The vulnerability allows a remote user to bypass project restrictions and fully compromise the host.

The vulnerability exists due to improper access control in the LXD backup import process when importing a crafted instance backup archive. A remote privileged user can supply inconsistent backup/index.yaml and backup/container/backup.yaml files to bypass project restrictions and gain full host compromise.

Exploitation requires instance creation and operation permissions in a restricted project.
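The defensive point of this issue is that an importer must not authorize the import against one manifest and then build the instance from another. The following added example (constructed for this bulletin, not code from incus or LXD) cross-checks the two manifests and additionally checks the instance that would actually be created against the project's restrictions. The field names in the sample manifests (`name`, `type`, `pool`, `privileged`, the `container` section, the `security.privileged` config key and the `restricted` / `restricted.containers.privilege` project keys) are assumptions about the archive and project layout, and the manifests are built inline as parsed dictionaries rather than read from a real tarball.

```python
"""Cross-check the two manifests of an LXD/Incus instance backup archive.

Added, constructed example: the field names below are assumptions about the
archive layout, not taken from the incus source.
"""

# Fields that must carry the same value in backup/index.yaml and in the
# instance section of backup/container/backup.yaml (assumed field names).
CONSISTENT_FIELDS = ("name", "type", "pool", "privileged")


def manifest_mismatches(index, backup):
    """Return (field, index_value, backup_value) triples for fields that differ.

    `index` is the parsed backup/index.yaml mapping; `backup` is the parsed
    backup/container/backup.yaml mapping whose "container" key holds the
    instance definition (assumed layout).
    """
    instance = backup.get("container", {})
    # backup.yaml carries privilege as the config key security.privileged,
    # index.yaml as a top-level boolean (assumed); normalise both to bool.
    views = {
        "index": {
            "name": index.get("name"),
            "type": index.get("type"),
            "pool": index.get("pool"),
            "privileged": bool(index.get("privileged", False)),
        },
        "backup": {
            "name": instance.get("name"),
            "type": instance.get("type"),
            "pool": backup.get("pool", {}).get("name"),
            "privileged": instance.get("config", {}).get("security.privileged", "false") == "true",
        },
    }
    return [
        (field, views["index"][field], views["backup"][field])
        for field in CONSISTENT_FIELDS
        if views["index"][field] != views["backup"][field]
    ]


def violates_project_restrictions(backup, project_config):
    """Check the instance that would really be created against the project.

    Only the restriction relevant here is modelled: a restricted project whose
    restricted.containers.privilege is "unprivileged" must not receive a
    privileged container (key names assumed).
    """
    instance = backup.get("container", {})
    privileged = instance.get("config", {}).get("security.privileged", "false") == "true"
    restricted = project_config.get("restricted", "false") == "true"
    policy = project_config.get("restricted.containers.privilege", "unprivileged")
    return restricted and privileged and policy == "unprivileged"


def import_decision(index, backup, project_config):
    """Return (accept, reasons): accept only when both checks pass."""
    reasons = [
        f"{field}: index.yaml={a!r} backup.yaml={b!r}"
        for field, a, b in manifest_mismatches(index, backup)
    ]
    if violates_project_restrictions(backup, project_config):
        reasons.append("instance would be privileged in a project restricted to unprivileged containers")
    return (not reasons, reasons)


# Constructed sample archives: one consistent, one whose manifests disagree.
HONEST_INDEX = {"name": "web1", "type": "container", "pool": "default", "privileged": False}
HONEST_BACKUP = {"container": {"name": "web1", "type": "container", "config": {}},
                 "pool": {"name": "default"}}
CRAFTED_INDEX = {"name": "web1", "type": "container", "pool": "default", "privileged": False}
CRAFTED_BACKUP = {"container": {"name": "web1", "type": "container",
                                "config": {"security.privileged": "true"}},
                  "pool": {"name": "default"}}
RESTRICTED_PROJECT = {"restricted": "true", "restricted.containers.privilege": "unprivileged"}

if __name__ == "__main__":
    for label, idx, bak in (("honest", HONEST_INDEX, HONEST_BACKUP),
                            ("crafted", CRAFTED_INDEX, CRAFTED_BACKUP)):
        ok, why = import_decision(idx, bak, RESTRICTED_PROJECT)
        print(label, "accept" if ok else "reject", why)
```

The two checks are deliberately independent: a consistent pair of manifests can still describe an instance the project forbids, and an inconsistent pair is rejected even when the resulting instance would have been allowed, because inconsistency itself is the signal that the archive was crafted rather than produced by an export.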


2) Improper access control (CVE-ID: CVE-2026-34179)

The vulnerability allows a remote user to escalate privileges to cluster admin.

The vulnerability exists due to improper access control in the doCertificateUpdate handler for the /1.0/certificates/{fingerprint} endpoint when processing PUT or PATCH requests that update TLS certificate records. A remote privileged user can send a crafted request to change the certificate type from client to server and escalate privileges to cluster admin.

The issue affects deployments using legacy restricted TLS certificates through the /1.0/certificates API, and the privilege change takes effect after the identity cache refresh.
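An update handler for a certificate record should treat the record's type as immutable for ordinary callers, and an audit of existing records should flag any server-type certificate that still carries a project restriction, since such a record is inconsistent by construction. The added example below (constructed for this bulletin, not code from incus or LXD) models both checks. The record shape (`name`, `type`, `restricted`, `projects`), the type values and the `caller_is_admin` flag standing in for the real authorization layer are all assumptions.

```python
"""Guard a certificate-record update so its type cannot be silently changed.

Added, constructed example; record fields and type values are assumptions
about the legacy /1.0/certificates API, not taken from the incus source.
"""

CLIENT, SERVER, METRICS = "client", "server", "metrics"  # assumed type values


class UpdateRejected(Exception):
    """Raised when a PUT/PATCH would alter a record in a forbidden way."""


def validate_certificate_update(existing, incoming, caller_is_admin, method="PUT"):
    """Return the record that may be stored, or raise UpdateRejected.

    PATCH merges only the supplied keys; PUT replaces the whole record. In both
    cases the resulting "type" must equal the stored one unless an admin makes
    the change, and a restricted record may never become a server certificate.
    """
    merged = {**existing, **incoming} if method == "PATCH" else dict(incoming)
    merged.setdefault("type", existing["type"])

    if merged["type"] != existing["type"]:
        if not caller_is_admin:
            raise UpdateRejected(
                f"type change {existing['type']!r} -> {merged['type']!r} requires admin")
        if merged["type"] == SERVER and existing.get("restricted"):
            raise UpdateRejected(
                "restricted client certificate cannot be converted to a server certificate")
    if merged["type"] == SERVER and (merged.get("restricted") or merged.get("projects")):
        raise UpdateRejected("server certificates cannot be project-restricted")
    return merged


def update_is_rejected(existing, incoming, caller_is_admin, method="PUT"):
    """Boolean wrapper around validate_certificate_update for callers and tests."""
    try:
        validate_certificate_update(existing, incoming, caller_is_admin, method)
    except UpdateRejected:
        return True
    return False


def audit_certificates(records):
    """Names of server-type records that still carry a project restriction.

    A server-type record is implicitly cluster-admin, so a restriction on it
    is inconsistent and the record deserves manual review.
    """
    return [r["name"] for r in records
            if r.get("type") == SERVER and (r.get("restricted") or r.get("projects"))]


# Constructed sample records.
RESTRICTED_CLIENT = {"name": "ci-runner", "type": CLIENT, "restricted": True, "projects": ["ci"]}
CLUSTER_MEMBER = {"name": "node2", "type": SERVER, "restricted": False, "projects": []}
SUSPICIOUS = {"name": "ci-runner", "type": SERVER, "restricted": True, "projects": ["ci"]}

if __name__ == "__main__":
    try:
        validate_certificate_update(RESTRICTED_CLIENT, {"type": SERVER},
                                    caller_is_admin=False, method="PATCH")
    except UpdateRejected as err:
        print("rejected:", err)
    print("review:", audit_certificates([RESTRICTED_CLIENT, CLUSTER_MEMBER, SUSPICIOUS]))
```

The audit is the part that matters for an already-running cluster: because the bulletin notes the privilege change only takes effect after the identity cache refresh, a record whose type was changed before the update was applied may still be pending, and listing server-type records with leftover restrictions catches it regardless of cache state.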


Remediation

Install the update from the vendor's website.