Security Update: Multiple Vulnerabilities in LXD and Incus
Posted: Tue May 05, 2026 1:29 am
Security Update: Multiple Vulnerabilities in LXD and Incus
Debian has released security updates for LXD and Incus, two important tools used to manage Linux containers and virtual machines. These vulnerabilities are relevant for server administrators, hosting providers, developers, CI systems and private cloud environments because LXD and Incus often run on infrastructure hosts that manage many workloads at the same time.
The affected packages are lxd on Debian 12 “bookworm” and incus on Debian 13 “trixie”. The reported vulnerabilities can lead to Denial of Service, meaning that certain operations or malformed requests may cause crashes, service interruptions or resource exhaustion. Even if this is not described as direct remote code execution, it should still be taken seriously: if the container or VM management layer fails, several containers, virtual machines or hosted services may be affected at once.
Fixed versions:
Debian has released security updates for LXD and Incus, two important tools used to manage Linux containers and virtual machines. These vulnerabilities are relevant for server administrators, hosting providers, developers, CI systems and private cloud environments because LXD and Incus often run on infrastructure hosts that manage many workloads at the same time.
The affected packages are lxd on Debian 12 “bookworm” and incus on Debian 13 “trixie”. The reported vulnerabilities can lead to Denial of Service, meaning that certain operations or malformed requests may cause crashes, service interruptions or resource exhaustion. Even if this is not described as direct remote code execution, it should still be taken seriously: if the container or VM management layer fails, several containers, virtual machines or hosted services may be affected at once.
Fixed versions:
- Debian 12 “bookworm”: lxd 5.0.2-5+deb12u6
- Debian 13 “trixie”: