CVE-2026-33945 - Vulnerability Analysis
Critical | CVSS: 9.9 | Last Updated: March 27, 2026
Incus - Path Traversal
Published: March 27, 2026 | Updated: March 27, 2026 | Remote Exploitable
Overview
Incus versions before 6.23.0 contain a path traversal vulnerability caused by improper sanitization of systemd credential configuration keys. It lets attackers write arbitrary files as root, enabling privilege escalation and denial of service. Exploitation requires the attacker to configure container credentials.
Severity & Score
Severity: Critical
CVSS Score: 9.9
Impact
Attackers can write arbitrary files as root, leading to privilege escalation and denial of service.
Mitigation
Update to version 6.23.0 or later.
Details
- CVE ID: CVE-2026-33945
- Severity: Critical
- CVSS Score: 9.9
- Type: path_traversal
- Status: new
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H