LeakyCreds

CVE-2026-33945 - Vulnerability Analysis

Severity: Critical | CVSS: 9.9

Last Updated: March 27, 2026

Incus - Path Traversal

Published: March 27, 2026 | Updated: March 27, 2026 | Remote Exploitable

Overview

Incus < 6.23.0 contains a path traversal vulnerability caused by improper sanitization of systemd credential configuration keys. It lets attackers write arbitrary files as root, enabling privilege escalation and denial of service. Exploitation requires the attacker to be able to configure container credentials.

Severity & Score

Severity: Critical
CVSS Score: 9.9
EPSS Score: 5.9% (Probability of exploitation in next 30 days)

Impact

Attackers can write arbitrary files as root, leading to privilege escalation and denial of service.

Mitigation

Update to version 6.23.0 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 29, 2026

CVE-2026-33945 - Critical (9.9) Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is handled through a shared directory. Prior to version 6.23.0, an attacker can set a conf... https://www.thehackerwire.com/vulnerability/CVE-2026-33945/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Details

CVE ID: CVE-2026-33945
Severity: Critical
CVSS Score: 9.9
Type: path_traversal
Status: new
EPSS: 5.9%
Social Posts: 1

CWE

  • CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

5.9% (Probability of exploitation in the next 30 days)