CVE-2026-40195

Incus nil-pointer dereference in storage bucket import allows denial of service

Description

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The vulnerability is present in the backup metadata handling logic, where the daemon processes the index.yaml file from an imported archive and accesses members of the parsed backup configuration without first verifying that the configuration object was initialized. A malicious or malformed index.yaml that omits the config block causes a nil-pointer dereference during bucket import operations and terminates the daemon. Repeated use of this issue can be used to keep Incus offline, causing a denial of service. This issue is fixed in version 7.0.0.

INFO

Published Date :

2026-05-06T20:33:34.084Z

Last Modified :

2026-05-06T20:33:34.084Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2026-40195 vulnerability.

Vendors	Products
Lxc	Incus

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-40195.

URL	Resource
https://github.com/lxc/incus/security/advisories/GHSA-gc7j-g665-rxr9

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability