CVE Tools

CVE-2026-33711

Incus vulnerable to local privilege escalation through VM screenshot path

Published: Mar 26, 2026Updated: Mar 30, 2026 Sources: CVE List NVD BDUCWE-61

No Known Exploits

Patch Available

Description

Incus is a system container and virtual machine manager. Incus provides an API to retrieve VM screenshots. That API relies on the use of a temporary file for QEMU to write the screenshot to which is then picked up and sent to the user prior to deletion. As versions prior to 6.23.0 use predictable paths under /tmp for this, an attacker with local access to the system can abuse this mechanism by creating their own symlinks ahead of time. On the vast majority of Linux systems, this will result in a "Permission denied" error when requesting a screenshot. That's because the Linux kernel has a security feature designed to block such attacks, `protected_symlinks`. On the rare systems with this purposefully disabled, it's then possible to trick Incus intro truncating and altering the mode and permissions of arbitrary files on the filesystem, leading to a potential denial of service or possible local privilege escalation. Version 6.23.0 fixes the issue.

No summary for this CVE yet.

CVSS Vector Breakdown

Exploitability

AV:LAttack Vector

Local

AC:LAttack Complexity

Low

PR:LPrivileges Required

Low

UI:NUser Interaction

None

Scope

S:UScope

Unchanged

Impact

C:HConfidentiality

High

I:HIntegrity

High

A:HAvailability

High

Open in CVSS calculator →

Weaknesses

Affected Products

incus linuxcontainers

Mixed

Cloud & SaaS / container-orchestration

Mixed

Cloud & SaaS / container-orchestration

РЕД ОС ООО «Ред Софт»

On-premOS

Operating Systems / linux-distro

Incus Сообщество свободного программного обеспечения Operating Systems / linux-distro

linuxcontainersoss-projectCloud & SaaSaka incus, lxc

lxcoss-projectCloud & SaaSaka lxc container

ооо «ред софт»commercialRUOperating Systemsaka red soft

сообщество свободного программного обеспеченияoss-projectOperating Systemsaka сообщество свободного программного обеспечения, fsf

Exploitability

Official Patch Available

No detection template yetWe can run the check for you — a free external exposure review, no install. Check my exposure

References

https://github.com/lxc/incus/security/advisories/GHSA-q9vp-3wcg-8p4x

https://github.com/lxc/incus

https://github.com/lxc/incus/commit/ef006240ac2475ddea7b8406cecc7dbd1a883fdf

and 3 more references View all →

Timeline

Published

Mar 26, 2026

Last Updated

Mar 30, 2026

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2026-33711 and every CVE in our database. Create a free account — no credit card required.

Create Free Account

Plain-language analysis

Impact assessment and exploitation scenario in plain English

Attack graph visualization

Interactive attack path and kill chain mapping

Exploit details & PoC links

ExploitDB, Metasploit, GitHub PoCs with direct links

Nuclei scanner templates

Ready-to-use vulnerability scanner templates

Full remediation guide

Patch instructions, workarounds, and compliance impact

Interactive AI chat

Ask questions about this vulnerability in natural language

Related vulnerabilities

Semantically similar CVEs and attack patterns

REST API & MCP access

Integrate vulnerability data into your workflows