Fluid Attacks Database

Description

Local Incus UI web server vulnerable to nuthentication bypass in github.com/lxc/incus Local Incus UI web server vulnerable to nuthentication bypass in github.com/lxc/incus

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	incus	=6.0.4-2 \|\| =6.0.4-3 \|\| =6.0.5-1 \|\| =6.0.5-2 \|\| =6.0.5-3 \|\| =6.0.5-4 \|\| =6.0.5-5 \|\| =6.0.5-6 \|\| =6.0.5-7 \|\| =6.0.5-8 \|\| =6.0.6-1 \|\| =6.0.6-2 \|\| =6.0.6-3 \|\| =6.14.0-1~exp1 \|\| =6.15.0-1~exp1 \|\| =6.16.0-1~exp1 \|\| =6.17.0-1~exp1 \|\| =6.20.0-1~exp1 \|\| =6.21.0-1~exp1 \|\| =6.22.0-1~exp1 \|\| =6.23.0-1~exp1 \|\| >=0 <7.0.0-1	7.0.0-1
debian 13	incus	=6.0.4-2 \|\| =6.0.4-2+deb13u1 \|\| =6.0.4-2+deb13u1~bpo12+1 \|\| =6.0.4-2+deb13u2 \|\| =6.0.4-2+deb13u2~bpo12+1 \|\| =6.0.4-2+deb13u3 \|\| =6.0.4-2+deb13u3~bpo12+1 \|\| =6.0.4-2+deb13u4 \|\| =6.0.4-2+deb13u4~bpo12+1 \|\| =6.0.4-2+deb13u5 \|\| =6.0.4-2+deb13u5~bpo12+1 \|\| =6.0.4-2+deb13u6 \|\| =6.0.4-2+deb13u6~bpo12+1 \|\| =6.0.4-2+deb13u7 \|\| =6.0.4-2+deb13u7~bpo12+1 \|\| =6.0.4-3 \|\| =6.0.5-1 \|\| =6.0.5-2 \|\| =6.0.5-3 \|\| =6.0.5-4 \|\| =6.0.5-5 \|\| =6.0.5-6 \|\| =6.0.5-7 \|\| =6.0.5-8 \|\| =6.0.6-1 \|\| =6.0.6-2 \|\| =6.0.6-3 \|\| =6.14.0-1~exp1 \|\| =6.15.0-1~exp1 \|\| =6.16.0-1~exp1 \|\| =6.17.0-1~exp1 \|\| =6.20.0-1~exp1 \|\| =6.21.0-1~exp1 \|\| =6.22.0-1~exp1 \|\| =6.23.0-1~exp1 \|\| =7.0.0-1	-
go	github.com/lxc/incus	-	-
go	github.com/lxc/incus/v6/cmd/incus	>=0 <6.23.0	6.23.0
go	github.com/lxc/incus/v6	>=0 <6.23.0	6.23.0

Aliases

1. CVE-2026-338982. NVD-2026-338983. OSV-DEBIAN-2026-338984. OSV-2026-338985. OSV-GO-2026-48796. GHSA-453r-g2pg-cxxq7. GCVE-2026-338988. SECURITY-TRACKER-CVE-2026-338989. GHSA-453r-g2pg-cxxq

References

1. https://github.com/lxc/incus/commit/d81d49e746e15dad35de39dc0ace0cedfba7d2f72. https://github.com/lxc/incus/releases/tag/v6.23.03. https://github.com/lxc/incus/security/advisories/GHSA-453r-g2pg-cxxq

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.