CVE

CVE-2026-32606

IncusOS has a LUKS encryption bypass due to insufficient TPM policy in github.com/lxc/incus-os/incus-osd

Back to all

CVE

CVE-2026-32606

IncusOS has a LUKS encryption bypass due to insufficient TPM policy in github.com/lxc/incus-os/incus-osd

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

7.6

3.1

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

7.7

3.1

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Related Resources

No items found.

References

https://github.com/lxc/incus-os/security/advisories/GHSA-wj2j-qwcf-cfcc, https://nvd.nist.gov/vuln/detail/CVE-2026-32606, https://discuss.linuxcontainers.org/t/potential-luks-encryption-bypass-through-filesystem-confusion/26348, https://github.com/lxc/incus-os/commit/e3b35f230d23443d27752eac27ebb2b22c957b75, https://github.com/lxc/incus-os/pull/954, https://oddlama.org/blog/bypassing-disk-encryption-with-tpm2-unlock

Severity

7.6

CVSS Score

Basic Information

Base CVSS

7.6

EPSS Probability

0.0014%

EPSS Percentile

0.0367%

Introduced Version

0,202601060601,v0.0.0-20260102194603-7bf7194f57eb,202510230320,v0.0.0-20251021135840-05733636e909,202506220351,v0.0.0-20250621200307-b5e00c4d4757,202503202220,v0.0.0-20250313180707-3036ab170489,202501161827,v0.0.0-20250116182653-cc3a72edeeda

Fix Available

0.0.0-20260313012803-e3b35f230d23,202603130128,v0.0.0-20260313012803-e3b35f230d23

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2026-32606

CVE-2026-32606

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

7.6

Basic Information

Fix Critical Vulnerabilities Instantly