How to fix CVE-2026-33945?

Within 24 hours: Verify all Incus installations in your environment and document versions (vulnerable: <6.23.0). Assess whether untrusted users have container access. Within 7 days: Restrict container access to trusted administrators only; implement network segmentation between container hosts and critical systems. Within 30 days: Apply vendor-released patch to Incus 6.23.0 or later on all affected systems, prioritizing production environments. Test patches in staging before production deployment.

CVE-2026-33945

EUVD-2026-16492 CRITICAL

2026-03-26 GitHub_M

9.9

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 26, 2026 - 23:31 euvd

EUVD-2026-16492

Analysis Generated

Mar 26, 2026 - 23:31 vuln.today

CVE Published

Mar 26, 2026 - 23:27 nvd

CRITICAL 9.9

Description

Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is handled through a shared directory. Prior to version 6.23.0, an attacker can set a configuration key named something like `systemd.credential.../../../../../../root/.bashrc` to cause Incus to write outside of the `credentials` directory associated with the container. This makes use of the fact that the Incus syntax for such credentials is `systemd.credential.XYZ` where `XYZ` can itself contain more periods. While it's not possible to read any data this way, it's possible to write to arbitrary files as root, enabling both privilege escalation and denial of service attacks. Version 6.23.0 fixes the issue.

Analysis

Path traversal in Incus system container manager allows authenticated remote attackers to write arbitrary files as root on the host via malformed systemd credential configuration keys. Affecting all versions before 6.23.0, this enables both privilege escalation from container to host and denial of service through critical file overwrites. …

Remediation

Within 24 hours: Verify all Incus installations in your environment and document versions (vulnerable: <6.23.0). Assess whether untrusted users have container access. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +50

POC: 0

CVE-2026-33945 vulnerability details – vuln.today

Back

CVE-2026-33945

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-33945

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code