Threats Tagged 'ghsa-f6m5-xw2g-xc4x'
View all threats tagged with 'ghsa-f6m5-xw2g-xc4x'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'ghsa-f6m5-xw2g-xc4x'
Click on any threat for detailed analysis and mitigation recommendations
GHSA-f6m5-xw2g-xc4x: Incus has an arbitrary file write on its client due to trusted image hashCVE-2026-48769 0 An arbitrary file write vulnerability exists in the Incus client prior to version 7.2.0. This occurs when a malicious image server returns a crafted Incus-Image-Hash header containing path traversal sequences, allowing files to be written outside the intended directory. The vulnerability can lead to arbitrary command execution as root on the server due to the ability to write files such as cron jobs. The file is created and populated before the SHA-256 hash validation occurs, extending the window for exploitation. A proof-of-concept demonstrates how an attacker can exploit this by serving a malicious image with a crafted header and payload. Join the discussion | GCVE Database | 06/26/2026, 19:13:18 UTC Added: 06/26/2026, 22:05:00 UTC |
Showing 1 to 1 of 1 result