GHSA-2q3f-q5pq-g8wv: Incus has an arbitrary file read+write on host via rootfs/ symlink in malicious image
Incus versions prior to 7.2.0 contain a critical vulnerability where a specially crafted container image with a malicious rootfs symlink can lead to arbitrary file read and write on the host system. This occurs because Incus processes a duplicate top-level rootfs symlink that can point to the host root directory, allowing access with root privileges. Exploitation can result in reading sensitive files like /etc/shadow and writing files anywhere on the host, potentially leading to arbitrary command execution.
AI Analysis
Technical Summary
Incus improperly handles container images containing a duplicate top-level rootfs symlink that points to the host filesystem root. When such an image is imported and initialized, the stopped-container file API opens the rootfs path and passes it to a function that forks and chroots to this path. This allows an attacker to escape the container context and access or modify arbitrary files on the host with root privileges. A proof-of-concept demonstrates reading /etc/shadow and writing files to the host root directory by exploiting this symlink handling flaw.
Potential Impact
The vulnerability allows an attacker with the ability to import and initialize container images in Incus to read and write arbitrary files on the host filesystem with root privileges. This can lead to disclosure of sensitive information, such as password hashes, and potentially arbitrary command execution on the host system, severely compromising host security.
Mitigation Recommendations
A fix is available in Incus version 7.2.0 and later. Users should upgrade to version 7.2.0 or newer to remediate this vulnerability. Patch status is confirmed by the affectedVersions field indicating versions prior to 7.2.0 are vulnerable. No vendor advisory content was provided to indicate alternative mitigations or temporary fixes.
GHSA-2q3f-q5pq-g8wv: Incus has an arbitrary file read+write on host via rootfs/ symlink in malicious image
Description
Incus versions prior to 7.2.0 contain a critical vulnerability where a specially crafted container image with a malicious rootfs symlink can lead to arbitrary file read and write on the host system. This occurs because Incus processes a duplicate top-level rootfs symlink that can point to the host root directory, allowing access with root privileges. Exploitation can result in reading sensitive files like /etc/shadow and writing files anywhere on the host, potentially leading to arbitrary command execution.
CVSS v3.1
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Incus improperly handles container images containing a duplicate top-level rootfs symlink that points to the host filesystem root. When such an image is imported and initialized, the stopped-container file API opens the rootfs path and passes it to a function that forks and chroots to this path. This allows an attacker to escape the container context and access or modify arbitrary files on the host with root privileges. A proof-of-concept demonstrates reading /etc/shadow and writing files to the host root directory by exploiting this symlink handling flaw.
Potential Impact
The vulnerability allows an attacker with the ability to import and initialize container images in Incus to read and write arbitrary files on the host filesystem with root privileges. This can lead to disclosure of sensitive information, such as password hashes, and potentially arbitrary command execution on the host system, severely compromising host security.
Mitigation Recommendations
A fix is available in Incus version 7.2.0 and later. Users should upgrade to version 7.2.0 or newer to remediate this vulnerability. Patch status is confirmed by the affectedVersions field indicating versions prior to 7.2.0 are vulnerable. No vendor advisory content was provided to indicate alternative mitigations or temporary fixes.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- GHSA-2q3f-q5pq-g8wv
- Osv Schema Version
- 1.4.0
- Aliases
- ["CVE-2026-48749"]
- Ecosystems
- ["Go"]
- Database Specific Severity
- CRITICAL
- Cvss Version
- 3.1
Threat ID: 6a3ef79127e9c79719ff6ef6
Added to database: 06/26/2026, 22:05:05 UTC
Last enriched: 06/26/2026, 22:18:11 UTC
Last updated: 06/26/2026, 22:18:11 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.