CNNVD-202601-3455 Information
CNNVD ID
CNNVD-202601-3455
Related CVE
-
CNNVD Published
2026-01-22
Description
Incus is an open-source system container and virtual machine manager from LXC. Incus 6.20.0 and earlier versions contain an injection vulnerability: a user can use newline injection to add arbitrary lifecycle hooks to the container configuration, which may lead to arbitrary command execution on the host.
Hazard Level
Medium
Vulnerability Type
Injection
Affected Vendor
LXC
Published
2026-01-22
Last Modified
2026-02-24
References
https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L1081
https://github.com/lxc/incus/security/advisories/GHSA-x6jc-phwx-hp32
https://github.com/user-attachments/files/24473682/environment_newline_injection.sh
https://github.com/user-attachments/files/24473685/environment_newline_injection.patch
Patch
https://github.com/lxc/incus/releases