CVE-2026-33542: CWE-295: Improper Certificate Validation in lxc incus
CVE-2026-33542 is a medium severity vulnerability in the Incus container and VM manager prior to version 6.23.0. It arises from improper certificate validation, specifically a lack of validation of the image fingerprint when downloading images from simplestreams servers. This flaw can lead to image cache poisoning, allowing an attacker under narrow conditions to cause tenants to run attacker-controlled images instead of the intended ones. Exploitation requires network access, partial privileges, and some attacker interaction, but no user interaction. The vulnerability impacts confidentiality and integrity by potentially running malicious images in multi-tenant environments. The issue is patched in Incus 6.23.0.
AI Analysis
Technical Summary
CVE-2026-33542 is a vulnerability categorized under CWE-295 (Improper Certificate Validation) affecting Incus, a system container and virtual machine manager developed by the lxc project. Prior to version 6.23.0, Incus does not properly validate the image fingerprint when downloading container or VM images from simplestreams image servers. Simplestreams is a mechanism used to distribute images for containers and VMs, and the fingerprint is a cryptographic hash intended to ensure the authenticity and integrity of the image. The lack of validation allows an attacker capable of intercepting or manipulating network traffic between the client and simplestreams server to perform image cache poisoning. This means the attacker can cause the client to cache and run a malicious image instead of the legitimate one. Under very narrow circumstances, this can lead to cross-tenant contamination where other tenants on the same host run attacker-controlled images, severely compromising isolation guarantees. The vulnerability requires network access (attack vector: network), partial privileges (low privileges), and some attacker interaction (partial attack complexity). The CVSS 4.0 base score is 5.7 (medium severity), reflecting limited but significant impact on confidentiality and integrity, with no impact on availability. The scope is high, indicating that the vulnerability can affect resources beyond the initially compromised component. The vulnerability does not require user interaction but does require some privilege and attacker presence on the network. No known exploits are reported in the wild as of publication. The issue is fixed in Incus version 6.23.0 by adding proper validation of the image fingerprint during image downloads, preventing cache poisoning and unauthorized image execution.
Potential Impact
The vulnerability can lead to image cache poisoning, allowing attackers to inject malicious container or VM images into the environment. This undermines the integrity and confidentiality of workloads running on affected Incus systems. In multi-tenant environments, this can result in cross-tenant attacks where one tenant’s environment is compromised by malicious images intended for another tenant, breaking isolation and potentially leading to data leakage or privilege escalation. Organizations relying on Incus for container or VM management may face risks of unauthorized code execution, data compromise, and disruption of trusted workloads. Although exploitation requires some privileges and network access, the impact on cloud providers, hosting services, and enterprises using Incus for multi-tenant virtualization can be significant. The vulnerability does not affect availability directly but can lead to broader security breaches if exploited. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially in targeted attack scenarios.
Mitigation Recommendations
The primary mitigation is to upgrade Incus to version 6.23.0 or later, where the vulnerability is patched. Until upgrade is possible, organizations should implement strict network controls to limit access to simplestreams image servers and monitor network traffic for anomalies that could indicate interception or manipulation attempts. Employing network segmentation and zero-trust principles can reduce the risk of an attacker gaining the necessary network access. Additionally, administrators should verify image fingerprints manually or through out-of-band mechanisms before deployment to ensure image integrity. Enforcing strict access controls and auditing image download and cache processes can help detect and prevent unauthorized image modifications. For multi-tenant environments, isolating tenants and applying runtime security monitoring to detect anomalous container or VM behavior can mitigate the impact of potential exploitation. Regularly reviewing and updating security policies related to container and VM image management is also recommended.
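As an added illustration of the check the fix introduces and of the out-of-band fingerprint verification recommended above (this is example code, not code from Incus or from this advisory): a Go model of an image cache keyed by the fingerprint advertised in the simplestreams index, with the flawed store-as-downloaded behaviour beside a hardened version that refuses to cache a body whose digest does not match. It assumes fingerprints are hex-encoded SHA-256 digests of the image content; the cache type, function names and sample bytes are constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// ImageCache stands in for an image store keyed by the advertised fingerprint (constructed).
type ImageCache map[string][]byte

var ErrFingerprintMismatch = errors.New("image fingerprint mismatch")

// Fingerprint returns the hex SHA-256 digest of image content (assumed fingerprint form).
func Fingerprint(body []byte) string {
	sum := sha256.Sum256(body)
	return hex.EncodeToString(sum[:])
}

// cacheUnverified models the flawed behaviour: whatever body the server
// returned is stored under the advertised fingerprint without checking it.
func cacheUnverified(c ImageCache, fingerprint string, body []byte) {
	c[fingerprint] = body
}

// cacheVerified is the hardened form: the body is hashed and rejected unless its
// digest matches the advertised fingerprint, so a substituted download is never cached.
func cacheVerified(c ImageCache, fingerprint string, body []byte) error {
	got := Fingerprint(body)
	if subtle.ConstantTimeCompare([]byte(got), []byte(fingerprint)) != 1 {
		return fmt.Errorf("%w: expected %s, got %s", ErrFingerprintMismatch, fingerprint, got)
	}
	c[fingerprint] = body
	return nil
}

func main() {
	// Constructed sample data: the legitimate image and a body substituted in transit.
	genuine, tampered := []byte("genuine-image-tarball"), []byte("tampered-image-tarball")
	fp := Fingerprint(genuine)
	poisoned := ImageCache{}
	cacheUnverified(poisoned, fp, tampered)
	fmt.Println("unverified cache serves tampered bytes:", string(poisoned[fp]) == string(tampered))
	safe := ImageCache{}
	err := cacheVerified(safe, fp, tampered)
	fmt.Println("verified cache rejects tampered bytes:", errors.Is(err, ErrFingerprintMismatch))
}
```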
Affected Countries
United States, Germany, United Kingdom, France, Japan, South Korea, Canada, Australia, Netherlands, Sweden, Singapore
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-20T18:05:11.832Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69c5ba613c064ed76fe1f5cb
Added to database: 3/26/2026, 10:59:45 PM
Last enriched: 3/26/2026, 11:16:01 PM
Last updated: 3/27/2026, 12:09:51 AM