CVE-2026-33897

Incus · Incus

Incus versions prior to 6.23.0 contain a critical sandbox escape in the pongo2 template implementation that allows arbitrary file reads and writes as root on the host server.

Executive summary

A critical vulnerability in Incus allows for arbitrary file read and write operations with root privileges on the host system by bypassing the template engine's filesystem isolation.

Vulnerability

The implementation of pongo2 templates within Incus fails to enforce chroot isolation. An attacker capable of creating or modifying instance templates can bypass the instance's filesystem boundaries to read or write any file on the host operating system with root privileges.

Business impact

This flaw permits an attacker to fully compromise the host server and all hosted instances. By reading sensitive host files (like /etc/shadow) or writing malicious binaries/scripts, an attacker can achieve persistent root access. The CVSS score of 9.9 reflects the critical nature of this host-level compromise.

Remediation

Immediate Action: Upgrade Incus to version 6.23.0 to restore proper template isolation and chroot enforcement.

Proactive Monitoring: Inspect all pongo2 template files for commands that attempt to access paths outside the standard instance directory structure.

Compensating Controls: Disable the use of instance templates if they are not strictly required for operations, or restrict template modification permissions to a minimal set of users.
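
One way to carry out the Proactive Monitoring step, as an added example that is not part of the advisory or of Incus itself: a scanner that flags any quoted argument inside a pongo2 `{% %}` or `{{ }}` block that is an absolute path or climbs out with `..`. The advisory does not say which template construct is involved, so the check is tag-agnostic; the directory passed to `scan_tree`, the placeholder tag `sometag` and the sample template are assumptions constructed for the example.

```python
import re
from pathlib import Path

# pongo2 uses Django-style delimiters: {% tag args %} and {{ expression }}.
BLOCK = re.compile(r"\{%-?\s*(.*?)\s*-?%\}|\{\{-?\s*(.*?)\s*-?\}\}", re.S)
QUOTED = re.compile(r"""(["'])(.*?)\1""", re.S)


def suspicious(arg):
    """Return why a quoted argument looks like a path leaving the instance tree, or None."""
    if arg.startswith("/"):
        return "absolute path"
    if ".." in re.split(r"[\\/]", arg):
        return "parent-directory traversal"
    return None


def scan_template(text, name="<template>"):
    """Return (name, line, reason, argument) for each flagged string literal."""
    findings = []
    for m in BLOCK.finditer(text):
        body = m.group(1) if m.group(1) is not None else m.group(2)
        line = text.count("\n", 0, m.start()) + 1
        for q in QUOTED.finditer(body):
            reason = suspicious(q.group(2))
            if reason:
                findings.append((name, line, reason, q.group(2)))
    return findings


def scan_tree(root):
    """Scan every regular file under root (the template directory is the caller's choice)."""
    findings = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        findings += scan_template(path.read_text(errors="replace"), str(path))
    return findings


# Constructed sample: "sometag" is a placeholder, not a tag named by the advisory.
SAMPLE = (
    "127.0.1.1 {{ container.name }}\n"
    '{% sometag "/outside/instance/tree" %}\n'
    '{{ "../../up/two/levels" }}\n'
    '{% sometag "relative/ok.tpl" %}\n'
)

if __name__ == "__main__":
    for name, line, reason, arg in scan_template(SAMPLE, "sample.tpl"):
        print(f"{name}:{line}: {reason}: {arg!r}")
```

A hit is a prompt for manual review of that template and of who last modified it, not proof of exploitation; a clean result does not replace the upgrade.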

Exploitation status

Public Exploit Available: false

Analyst recommendation

The failure of the chroot mechanism in the template engine is a high-priority security issue. Immediate patching is required to ensure that the isolation between the host and its containers remains intact.