Denial of Service Vulnerability in Incus System Container Manager
CVE-2026-33743

6.5MEDIUM

Key Information:

Vendor: Lxc
Status: Incus
Vendor: CVE Published:; 26 March 2026

What is CVE-2026-33743?

The Incus system container and virtual machine manager is susceptible to a Denial of Service (DoS) attack when an attacker with access to the storage bucket feature crafts a malicious storage bucket backup. This exploit can lead to the crashing of the Incus daemon, resulting in the control plane API becoming unavailable. Although existing containers and virtual machines continue to operate normally, repeated exploitation can keep the server offline, thus disrupting service availability. This issue has been resolved in version 6.23.0.

Affected Version(s)

incus < 6.23.0

References

https://github.com/lxc/incus/security/advisories/GHSA-vg7...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2026
Vulnerability Reserved
Mar 23, 2026

CVE-2026-33743 Data

JSON

Lxc

What is CVE-2026-33743?

Affected Version(s)

References

CVSS V3.1

Timeline