CVE-2026-40195
BaseFortify
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Incus, a system container and virtual machine manager, in versions before 7.0.0. It is caused by missing validation logic in the storage bucket import process. Specifically, when the Incus daemon processes the index.yaml file from an imported backup archive, it accesses parts of the backup configuration without verifying if the configuration object is properly initialized.
If the index.yaml file is malicious or malformed and omits the required config block, this leads to a nil-pointer dereference error during the bucket import operation, causing the Incus daemon to crash.
An authenticated user with access to the storage bucket feature can exploit this to repeatedly crash the daemon, effectively causing a denial of service.
How can this vulnerability impact me? :
The primary impact of this vulnerability is a denial of service condition. An attacker who is authenticated and has access to the storage bucket feature can cause the Incus daemon to crash repeatedly by supplying a malformed backup archive.
This can keep the Incus service offline, disrupting container and virtual machine management operations that depend on it.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade the Incus system container and virtual machine manager to version 7.0.0 or later, where the issue has been fixed.
Until the upgrade is applied, restrict authenticated users' access to the storage bucket feature to prevent exploitation of the missing validation logic that causes the daemon to crash.