CVE-2026-41685 - Vulnerability Analysis
MediumCVSS: 4.3Last Updated: May 7, 2026
Incus - Denial of Service
Published: May 7, 2026Updated: May 7, 2026PoC AvailableRemote Exploitable
Overview
Incus prior to 7.0.0 contains a denial of service vulnerability caused by large data uploads by authenticated users exhausting disk space, letting attackers potentially take down the host system, exploit requires authenticated user.
Severity & Score
Severity: Medium
CVSS Score: 4.3
Impact
Authenticated users can exhaust disk space causing denial of service and host system downtime.
Mitigation
Update to version 7.0.0 or later.
References
Related Resources
Details
- CVE ID
- CVE-2026-41685
- Severity
- Medium
- CVSS Score
- 4.3
- Type
- denial_of_service
- Status
- confirmed
CWE
- CWE-770
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L