CVE-2026-33897: CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine in lxc incus
CVE-2026-33897 is a critical vulnerability in the lxc incus container and virtual machine manager prior to version 6. 23. 0. It involves improper neutralization of special elements in the pongo2 template engine used within instances, allowing arbitrary read and write operations on the host filesystem with root privileges. The vulnerability arises because the pongo2 chroot isolation mechanism is bypassed, enabling templates to access and modify the entire system filesystem. This flaw has a CVSS score of 10, indicating a critical severity. Version 6. 23. 0 of incus includes a patch that addresses this issue.
AI Analysis
Technical Summary
Incus versions before 6.23.0 use pongo2 templates within instances to generate files during the instance lifecycle. The implementation expected pongo2's chroot feature to isolate file access to the instance filesystem. However, the chroot isolation is completely bypassed, allowing templates to read and write arbitrary files on the host system with root privileges. This results in a critical security flaw where an attacker with the ability to control templates can compromise the host system. The vulnerability is tracked as CWE-1336 (Improper Neutralization of Special Elements Used in a Template Engine). The issue is fixed in incus version 6.23.0.
Potential Impact
An attacker able to supply or manipulate instance template files can exploit this vulnerability to perform arbitrary file read and write operations on the host server with root privileges. This compromises the confidentiality, integrity, and availability of the host system, potentially leading to full system compromise. The CVSS 3.1 base score is 10.0, reflecting network attack vector, low attack complexity, privileges required as low, no user interaction, and complete impact on confidentiality, integrity, and availability.
Mitigation Recommendations
A patch is available in incus version 6.23.0 that fixes this vulnerability. Users should upgrade to version 6.23.0 or later to remediate this issue. No other mitigations are specified in the advisory. Patch status is confirmed by the vendor advisory indicating the fix in version 6.23.0.
CVE-2026-33897: CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine in lxc incus
Description
CVE-2026-33897 is a critical vulnerability in the lxc incus container and virtual machine manager prior to version 6. 23. 0. It involves improper neutralization of special elements in the pongo2 template engine used within instances, allowing arbitrary read and write operations on the host filesystem with root privileges. The vulnerability arises because the pongo2 chroot isolation mechanism is bypassed, enabling templates to access and modify the entire system filesystem. This flaw has a CVSS score of 10, indicating a critical severity. Version 6. 23. 0 of incus includes a patch that addresses this issue.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Incus versions before 6.23.0 use pongo2 templates within instances to generate files during the instance lifecycle. The implementation expected pongo2's chroot feature to isolate file access to the instance filesystem. However, the chroot isolation is completely bypassed, allowing templates to read and write arbitrary files on the host system with root privileges. This results in a critical security flaw where an attacker with the ability to control templates can compromise the host system. The vulnerability is tracked as CWE-1336 (Improper Neutralization of Special Elements Used in a Template Engine). The issue is fixed in incus version 6.23.0.
Potential Impact
An attacker able to supply or manipulate instance template files can exploit this vulnerability to perform arbitrary file read and write operations on the host server with root privileges. This compromises the confidentiality, integrity, and availability of the host system, potentially leading to full system compromise. The CVSS 3.1 base score is 10.0, reflecting network attack vector, low attack complexity, privileges required as low, no user interaction, and complete impact on confidentiality, integrity, and availability.
Mitigation Recommendations
A patch is available in incus version 6.23.0 that fixes this vulnerability. Users should upgrade to version 6.23.0 or later to remediate this issue. No other mitigations are specified in the advisory. Patch status is confirmed by the vendor advisory indicating the fix in version 6.23.0.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-24T15:41:47.490Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69c5ba613c064ed76fe1f5d4
Added to database: 3/26/2026, 10:59:45 PM
Last enriched: 4/3/2026, 1:32:46 PM
Last updated: 5/10/2026, 9:53:09 PM
Views: 175
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.