CVE-2026-41647
Memory Corruption in Incus Storage Backup Import
Publication date: 2026-05-07
Last updated on: 2026-05-07
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| canonical | incus | 7.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-41647 is a vulnerability in Incus, a system container and virtual machine manager. The issue arises when an authenticated user imports a truncated or corrupted storage bucket backup file. Specifically, the problem is a nil-pointer dereference in the code that processes tar archive entries during the import. When the code encounters a non-EOF error while reading the archive, it incorrectly assumes the header is valid and tries to access it, causing the daemon to crash.
This vulnerability is due to missing error handling in the function that uploads files from the backup archive, which leads to a panic and daemon crash when processing malformed backup files.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an authenticated Incus user to cause the daemon to crash. The crash results from importing a malformed or truncated storage bucket backup file, which triggers a nil-pointer dereference in the daemon.
The impact is primarily on availability, as the daemon crash can disrupt the normal operation of the Incus system container and virtual machine manager, potentially causing downtime or service interruptions.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a daemon crash triggered by importing a truncated or malformed storage bucket backup file in Incus prior to version 7.0.0. Detection would involve monitoring the Incus daemon for crashes or panic logs related to nil-pointer dereferences during backup import operations.
Specifically, you can check Incus daemon logs for panic messages referencing nil-pointer dereferences or errors during the import of backup files.
There are no explicit commands provided in the available resources to detect this vulnerability directly.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade Incus to version 7.0.0 or later, where this vulnerability has been patched.
Until the upgrade is applied, avoid importing truncated or malformed storage bucket backup files, especially from untrusted sources, as this can trigger the daemon crash.
Monitor the Incus daemon for crashes and consider restricting authenticated user permissions to limit the ability to import backup files.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability causes a daemon crash when an authenticated user imports a truncated storage bucket backup file, leading to an availability impact.
There is no information provided about any direct impact on confidentiality or integrity of data, nor any explicit mention of effects on compliance with standards such as GDPR or HIPAA.
Given the nature of the vulnerability (availability impact only), it may affect system availability requirements under some regulations, but no specific compliance implications are detailed in the provided information.