CVE-2026-41647 - Vulnerability Analysis
MediumCVSS: 6.5Last Updated: May 7, 2026
Incus - Denial of Service
Published: May 7, 2026Updated: May 7, 2026PoC AvailableRemote Exploitable
Overview
Incus < 7.0.0 contains a denial of service caused by missing error handling in the import of truncated storage bucket backup files, letting authenticated users crash the daemon, exploit requires user authentication.
Severity & Score
Severity: Medium
CVSS Score: 6.5
Impact
Authenticated users can crash the daemon, causing denial of service.
Mitigation
Update to version 7.0.0 or later.
References
Related Resources
Details
- CVE ID
- CVE-2026-41647
- Severity
- Medium
- CVSS Score
- 6.5
- Type
- denial_of_service
- Status
- confirmed
CWE
- CWE-476
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H