Severity by source
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionGitHub Advisory
Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker controlled images rather than the expected one. Version 6.23.0 patches the issue.
AnalysisAI
Incus versions prior to 6.23.0 fail to validate image fingerprints when downloading from simplestreams servers, enabling attackers with local privileges to poison the image cache and potentially cause other tenants to execute attacker-controlled container or virtual machine images instead of legitimate ones. The vulnerability requires local authentication and specific conditions but carries high integrity impact in multi-tenant environments; no active exploitation has been confirmed.
Technical ContextAI
Incus (cpe:2.3:a:lxc:incus:*:*:*:*:*:*:*:*) is a system container and virtual machine manager that orchestrates container and VM deployments. The vulnerability stems from CWE-295 (Improper Certificate Validation), specifically the absence of cryptographic verification of image fingerprints during download operations from simplestreams image repositories. Simplestreams is a protocol for publishing streams of cloud images with metadata; proper validation requires verifying the cryptographic digest (fingerprint) of downloaded image artifacts matches the expected value advertised in repository metadata. The lack of this validation creates a window for cache poisoning attacks where an attacker with local credentials could intercept or influence the download process to substitute a malicious image, which would then be cached and served to other tenants requesting the same image identifier.
RemediationAI
Upgrade Incus to version 6.23.0 or later immediately. This is the vendor-released patch that restores cryptographic validation of image fingerprints. Organizations unable to patch immediately should restrict network access to simplestreams repositories to trusted, authenticated channels only; implement image pull verification workflows that independently validate fingerprints outside the Incus download path; and segregate multi-tenant deployments to minimize blast radius if cache poisoning occurs. Consult the GitHub security advisory (https://github.com/lxc/incus/security/advisories/GHSA-p8mm-23gg-jc9r) for additional mitigation guidance and patch verification procedures.
Same weakness CWE-295 – Improper Certificate Validation
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16460
GHSA-p8mm-23gg-jc9r