CVE-2026-35527: Incus has Blind SSRF via Image Import Preflight HEAD
A partial implementation of our restricted.images.servers project restriction allows users in such restricted projects to still cause Incus to send HEAD requests to arbitrary endpoints.
The actual image download is rejected by the project restriction, but the ability to trigger arbitrary HTTP requests from inside the Incus environment can still be used to discover otherwise hidden details about that environment.
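The defect described above is one of ordering: the restriction is enforced when the image is downloaded, but a preflight HEAD has already gone out by then. The Go program below is an added example, not Incus code. It models a project allowlist with a hypothetical `ImageServerPolicy` type (a stand-in for `restricted.images.servers`; treating an empty list as unrestricted is an assumption of this example) and shows the hardened ordering, where the allowlist is checked before any outbound request is built, so a denied server receives no HEAD at all. The local `httptest` server that counts hits is constructed for the demonstration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
	"sync/atomic"
	"time"
)

// ErrServerNotAllowed is returned before any network I/O when the requested
// image server is outside the project's allowlist.
var ErrServerNotAllowed = errors.New("image server not permitted by project restriction")

// ImageServerPolicy is a hypothetical stand-in for a project's
// restricted.images.servers setting. An empty list means unrestricted
// (an assumption made for this example).
type ImageServerPolicy struct {
	Allowed []string
}

// normalizeServer reduces a server URL to a comparable scheme://host form so
// that trailing slashes, paths or host case cannot slip past the allowlist.
func normalizeServer(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", err
	}
	if u.Scheme != "https" && u.Scheme != "http" {
		return "", fmt.Errorf("unsupported scheme %q", u.Scheme)
	}
	if u.Host == "" {
		return "", errors.New("missing host")
	}
	return strings.ToLower(u.Scheme + "://" + u.Host), nil
}

// Allows reports whether server is on the allowlist; both sides are
// normalized before an exact comparison (no suffix or prefix matching).
func (p ImageServerPolicy) Allows(server string) (bool, error) {
	if len(p.Allowed) == 0 {
		return true, nil
	}
	want, err := normalizeServer(server)
	if err != nil {
		return false, err
	}
	for _, entry := range p.Allowed {
		got, err := normalizeServer(entry)
		if err != nil {
			continue // a malformed allowlist entry never matches anything
		}
		if got == want {
			return true, nil
		}
	}
	return false, nil
}

// PreflightImage issues the HEAD that checks an image exists before download.
// Hardened ordering: the restriction is enforced before the request is even
// constructed, so a denied server sees no traffic. Returns the HEAD status.
func PreflightImage(ctx context.Context, client *http.Client, policy ImageServerPolicy, server, imagePath string) (int, error) {
	ok, err := policy.Allows(server)
	if err != nil {
		return 0, err
	}
	if !ok {
		return 0, ErrServerNotAllowed
	}
	target := strings.TrimRight(server, "/") + "/" + strings.TrimLeft(imagePath, "/")
	req, err := http.NewRequestWithContext(ctx, http.MethodHead, target, nil)
	if err != nil {
		return 0, err
	}
	resp, err := client.Do(req)
	if err != nil {
		return 0, err
	}
	resp.Body.Close()
	return resp.StatusCode, nil
}

func main() {
	// Constructed local endpoint standing in for something a restricted
	// project must not be able to probe; it counts every request it receives.
	var hits int32
	internal := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		atomic.AddInt32(&hits, 1)
	}))
	defer internal.Close()
	client := &http.Client{Timeout: 5 * time.Second}

	restricted := ImageServerPolicy{Allowed: []string{"https://images.example.test/"}} // constructed allowlist
	_, err := PreflightImage(context.Background(), client, restricted, internal.URL, "/images/alpine")
	fmt.Println("denied preflight:", err, "| requests received:", atomic.LoadInt32(&hits))

	permitted := ImageServerPolicy{Allowed: []string{internal.URL}}
	code, err := PreflightImage(context.Background(), client, permitted, internal.URL, "/images/alpine")
	fmt.Println("allowed preflight status:", code, err, "| requests received:", atomic.LoadInt32(&hits))
}
```

The detection angle follows from the same ordering: with the check in front of the preflight, any HEAD leaving the host toward a server not on a project's allowlist is unexpected and worth alerting on, whereas with the original ordering such requests are normal noise.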