CVE-2026-23953 in incus
Summary
by MITRE • 01/23/2026
Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration (e.g. a member of the ‘incus’ group) can create an environment variable containing newlines, which can be used to add additional configuration items in the container’s lxc.conf due to newline injection. This can allow adding arbitrary lifecycle hooks, ultimately resulting in arbitrary command execution on the host. Exploiting this issue on IncusOS requires a slight modification of the payload to change to a different writable directory for the validation step (e.g. /tmp). This can be confirmed with a second container with /tmp mounted from the host (a privileged action for validation only). A fix is planned for versions 6.0.6 and 6.21.0, but they have not been released at the time of publication.
Analysis
by VulDB Data Team • 01/23/2026
This vulnerability exists within Incus, a system container and virtual machine manager that operates at the intersection of containerization and virtualization technologies. The flaw represents a critical security issue affecting versions 6.20.0 and earlier, where a specific privilege escalation path has been identified through improper input validation mechanisms. The vulnerability stems from insufficient sanitization of environment variables during container configuration processes, creating a scenario where malicious actors can manipulate container initialization parameters through carefully crafted input.
The technical implementation of this vulnerability exploits a classic newline injection attack pattern that leverages the lxc.conf configuration file parsing mechanism. When a user with container launch privileges creates a custom YAML configuration, they can inject environment variables containing newline characters that are then interpreted by the underlying LXC containerization layer. This injection allows the attacker to append additional configuration directives to the lxc.conf file, specifically enabling the addition of arbitrary lifecycle hooks that execute within the container context. The vulnerability operates at the boundary between user-space container management and host-level system operations, creating a pathway for privilege escalation.
The operational impact of this vulnerability extends beyond simple privilege escalation to enable full host command execution capabilities. Once the malicious lifecycle hooks are injected through the configuration injection, they can be triggered during container lifecycle events such as start, stop, or restart operations. This creates a persistent backdoor mechanism where arbitrary commands can be executed with the privileges of the host system. The attack requires minimal prerequisites, only that the attacker possess the ability to launch containers with custom configurations, which is commonly granted to members of the incus group in typical deployments.
The exploitation process involves a two-stage approach that demonstrates sophisticated understanding of the underlying system architecture. The initial stage requires creating a container configuration with newline injection to establish the malicious hook injection, while the second stage involves leveraging a second container with /tmp mounted from the host to bypass certain validation mechanisms. This approach aligns with attack patterns documented in the MITRE ATT&CK framework under privilege escalation and persistence techniques. The vulnerability also reflects CWE-74 standards related to injection flaws, specifically targeting configuration injection mechanisms.
The fix for this vulnerability has been planned for versions 6.0.6 and 6.21.0, though these releases were not yet available at the time of publication. The remediation approach will likely involve implementing proper input sanitization for environment variables and configuration parameters, ensuring that newline characters are properly escaped or rejected during container configuration processing. Organizations should immediately implement mitigations including restricting container launch privileges, monitoring for suspicious configuration changes, and ensuring timely updates to the Incus platform when the patched versions become available. The vulnerability highlights the importance of input validation in containerization environments and the potential for configuration injection attacks to escalate to full system compromise.
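To illustrate the framing problem described in the analysis above and the kind of validation the remediation paragraph calls for, here is an added example; it is not Incus's own code or its patch. It assumes a renderer that writes one `lxc.environment=KEY=VALUE` line per variable, and uses a constructed value whose second line is a harmless `lxc.log.level` key to show how a single entry becomes two directives.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrControlChar is returned when a key or value would break the
// one-directive-per-line framing of lxc.conf.
var ErrControlChar = errors.New("environment key/value contains newline, CR or NUL")

// renderEnvUnsafe mirrors the defective pattern: the value is interpolated
// verbatim, so a value containing "\n" produces extra lxc.conf lines.
func renderEnvUnsafe(key, value string) string {
	return fmt.Sprintf("lxc.environment=%s=%s\n", key, value)
}

// renderEnvSafe is a hypothetical hardened form: it rejects line-breaking
// characters in either part and an '=' inside the key before rendering.
func renderEnvSafe(key, value string) (string, error) {
	if strings.ContainsAny(key+value, "\n\r\x00") || strings.Contains(key, "=") {
		return "", ErrControlChar
	}
	return fmt.Sprintf("lxc.environment=%s=%s\n", key, value), nil
}

// ConfigKeys lists the directive names in rendered lxc.conf text, so a
// reviewer can check how many directives one environment entry produced.
func ConfigKeys(conf string) []string {
	var keys []string
	for _, line := range strings.Split(conf, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		k, _, _ := strings.Cut(line, "=")
		keys = append(keys, k)
	}
	return keys
}

func main() {
	// Constructed sample value: its second line is a harmless directive.
	v := "1\nlxc.log.level=trace"
	fmt.Println(ConfigKeys(renderEnvUnsafe("FOO", v))) // two directives from one entry
	_, err := renderEnvSafe("FOO", v)
	fmt.Println(err) // rejected before it reaches lxc.conf
}
```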