UBUNTU-CVE-2026-41685
- Source
- https://ubuntu.com/security/CVE-2026-41685
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-41685.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-41685
- Upstream
- Published
- 2026-05-07T14:16:00Z
- Modified
- 2026-05-20T16:25:41.987173542Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using storage.imagesvolume and storage.backupsvolume as those users will have large uploads be stored on those volumes rather than directly on the host filesystem. This is the default behavior on IncusOS. This issue has been patched in version 7.0.0.
- References
Affected packages
Ubuntu:20.04:LTS
lxd
Package
- Name
- lxd
- Purl
- pkg:deb/ubuntu/lxd?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:25.10
incus
Package
- Name
- incus
- Purl
- pkg:deb/ubuntu/incus?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "golang-github-lxc-incus-dev",
"binary_version": "6.0.4-2"
},
{
"binary_name": "incus",
"binary_version": "6.0.4-2"
},
{
"binary_name": "incus-agent",
"binary_version": "6.0.4-2"
},
{
"binary_name": "incus-base",
"binary_version": "6.0.4-2"
},
{
"binary_name": "incus-client",
"binary_version": "6.0.4-2"
},
{
"binary_name": "incus-extra",
"binary_version": "6.0.4-2"
}
]
}Ubuntu:26.04:LTS
incus
Package
- Name
- incus
- Purl
- pkg:deb/ubuntu/incus?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "golang-github-lxc-incus-dev",
"binary_version": "6.0.5-8"
},
{
"binary_name": "incus",
"binary_version": "6.0.5-8"
},
{
"binary_name": "incus-agent",
"binary_version": "6.0.5-8"
},
{
"binary_name": "incus-base",
"binary_version": "6.0.5-8"
},
{
"binary_name": "incus-client",
"binary_version": "6.0.5-8"
},
{
"binary_name": "incus-extra",
"binary_version": "6.0.5-8"
}
]
}Ubuntu:Pro:16.04:LTS
lxd
Package
- Name
- lxd
- Purl
- pkg:deb/ubuntu/lxd?arch=source&distro=esm-infra%2Fxenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.20-0ubuntu4
0.21-0ubuntu3
0.21-0ubuntu5
0.22-0ubuntu1
0.22-0ubuntu2
0.23-0ubuntu1
0.23-0ubuntu2
0.23-0ubuntu3
0.24-0ubuntu2
0.24-0ubuntu3
0.24-0ubuntu4
0.25-0ubuntu1
0.26-0ubuntu2
0.26-0ubuntu3
0.27-0ubuntu1
0.27-0ubuntu2
2.*
2.0.0~beta1-0ubuntu3
2.0.0~beta1-0ubuntu4
2.0.0~beta2-0ubuntu1
2.0.0~beta2-0ubuntu2
2.0.0~beta3-0ubuntu1
2.0.0~beta3-0ubuntu2
2.0.0~beta3-0ubuntu3
2.0.0~beta3-0ubuntu4
2.0.0~beta4-0ubuntu1
2.0.0~beta4-0ubuntu2
2.0.0~beta4-0ubuntu3
2.0.0~beta4-0ubuntu4
2.0.0~beta4-0ubuntu5
2.0.0~beta4-0ubuntu6
2.0.0~beta4-0ubuntu7
2.0.0~rc1-0ubuntu1
2.0.0~rc1-0ubuntu2
2.0.0~rc1-0ubuntu3
2.0.0~rc2-0ubuntu2
2.0.0~rc2-0ubuntu3
2.0.0~rc3-0ubuntu1
2.0.0~rc3-0ubuntu2
2.0.0~rc3-0ubuntu3
2.0.0~rc3-0ubuntu4
2.0.0~rc4-0ubuntu1
2.0.0~rc5-0ubuntu1
2.0.0~rc6-0ubuntu1
2.0.0~rc6-0ubuntu2
2.0.0~rc7-0ubuntu1
2.0.0~rc7-0ubuntu2
2.0.0~rc8-0ubuntu1
2.0.0~rc8-0ubuntu2
2.0.0~rc8-0ubuntu3
2.0.0~rc8-0ubuntu5
2.0.0~rc8-0ubuntu6
2.0.0~rc8-0ubuntu7
2.0.0~rc9-0ubuntu2
2.0.0~rc9-0ubuntu3
2.0.0~rc9-0ubuntu4
2.0.0~rc9-0ubuntu5
2.0.0-0ubuntu1
2.0.0-0ubuntu2
2.0.0-0ubuntu3
2.0.0-0ubuntu4
2.0.1-0ubuntu1~16.04.1
2.0.2-0ubuntu1~16.04.1
2.0.3-0ubuntu1~ubuntu16.04.2
2.0.4-0ubuntu1~ubuntu16.04.1
2.0.5-0ubuntu1~ubuntu16.04.1
2.0.8-0ubuntu1~ubuntu16.04.1
2.0.8-0ubuntu1~ubuntu16.04.2
2.0.9-0ubuntu1~16.04.1
2.0.9-0ubuntu1~16.04.2
2.0.10-0ubuntu1~16.04.1
2.0.10-0ubuntu1~16.04.2
2.0.11-0ubuntu1~16.04.2
2.0.11-0ubuntu1~16.04.4
2.0.11-0ubuntu1~16.04.4+esm1
2.0.11-0ubuntu1~16.04.4+esm2
Ecosystem specific
{
"binaries": [
{
"binary_name": "golang-github-lxc-lxd-dev",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxc2",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxd",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxd-client",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxd-tools",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
}
]
}Ubuntu:Pro:18.04:LTS
lxd
Package
- Name
- lxd
- Purl
- pkg:deb/ubuntu/lxd?arch=source&distro=esm-infra%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.18-0ubuntu6
2.19-0ubuntu1
2.20-0ubuntu3
2.20-0ubuntu4
2.21-0ubuntu1
2.21-0ubuntu2
2.21-0ubuntu3
2.21-0ubuntu4
3.*
3.0.0~beta2-0ubuntu3
3.0.0~beta3-0ubuntu3
3.0.0~beta5-0ubuntu2
3.0.0~beta7-0ubuntu1
3.0.0-0ubuntu1
3.0.0-0ubuntu2
3.0.0-0ubuntu3
3.0.0-0ubuntu4
3.0.1-0ubuntu1~18.04.1
3.0.2-0ubuntu1~18.04.1
3.0.3-0ubuntu1~18.04.1
3.0.3-0ubuntu1~18.04.2
3.0.3-0ubuntu1~18.04.2+esm1
3.0.3-0ubuntu1~18.04.2+esm2
Ubuntu:Pro:24.04:LTS
incus
Package
- Name
- incus
- Purl
- pkg:deb/ubuntu/incus?arch=source&distro=esm-apps%2Fnoble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.4-1ubuntu1
0.5.1-1
0.5.1-3
0.6-1
6.*
6.0.0-1
6.0.0-1ubuntu0.1
6.0.0-1ubuntu0.2
6.0.0-1ubuntu0.2+esm1
6.0.0-1ubuntu0.3
6.0.0-1ubuntu0.3+esm1
6.0.0-1ubuntu0.3+esm2
6.0.0-1ubuntu0.3+esm3
Ecosystem specific
{
"binaries": [
{
"binary_name": "golang-github-lxc-incus-dev",
"binary_version": "6.0.0-1ubuntu0.3+esm3"
},
{
"binary_name": "incus",
"binary_version": "6.0.0-1ubuntu0.3+esm3"
},
{
"binary_name": "incus-agent",
"binary_version": "6.0.0-1ubuntu0.3+esm3"
},
{
"binary_name": "incus-client",
"binary_version": "6.0.0-1ubuntu0.3+esm3"
},
{
"binary_name": "incus-migrate",
"binary_version": "6.0.0-1ubuntu0.3+esm3"
},
{
"binary_name": "incus-tools",
"binary_version": "6.0.0-1ubuntu0.3+esm3"
}
]
}