CNNVD-202601-3456 Information
CNNVD ID
CNNVD-202601-3456
Related CVE
-
CNNVD Published
2026-01-22
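Description (Chinese, translated)
Incus is an open-source system container and virtual machine manager from LXC. Incus 6.21.0 and earlier versions contain a path traversal vulnerability. The vulnerability stems from a directory traversal or symbolic link issue in the template feature and may lead to arbitrary file read and write on the host and arbitrary command execution.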
Description (English)
Incus is an open-source system container and virtual machine manager from LXC. Incus 6.21.0 and earlier versions have a path traversal vulnerability, which stems from directory traversal or symbolic link problems in the template function and may lead to arbitrary file reading and writing on the host and arbitrary command execution.
Hazard Level
Medium
Vulnerability Type
Path Traversal
Affected Vendor
LXC
Published
2026-01-22
Last Modified
2026-02-24
References
https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L7215
https://github.com/lxc/incus/blob/HEAD/internal/server/instance/drivers/driver_lxc.go#L7294
https://github.com/lxc/incus/security/advisories/GHSA-7f67-crqm-jgh7
https://github.com/user-attachments/files/24473599/template_arbitrary_write.sh
https://github.com/user-attachments/files/24473601/templates_arbitrary_write.patch
Patch
https://github.com/lxc/incus/releases