Description

Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using storage.images_volume and storage.backups_volume as those users will have large uploads be stored on those volumes rather than directly on the host filesystem. This is the default behavior on IncusOS. This issue has been patched in version 7.0.0.

INFO

Published Date :

2026-05-07T13:09:34.982Z

Last Modified :

2026-05-07T13:50:17.247Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-41685 vulnerability.

Vendors Products
Linuxcontainers
  • Incus
Lxc
  • Incus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-41685.

URL Resource
https://github.com/lxc/incus/releases/tag/v7.0.0 cve-icon cve-icon
https://github.com/lxc/incus/security/advisories/GHSA-98vh-x9cx-9cfp cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact