image cache poisoning
About this tag
Image cache poisoning is a supply-chain trust vulnerability where an attacker can inject a malicious image into a system's image cache, causing subsequent deployments to use the tampered image. On WindowsForum.com, this tag covers CVE-2026-33542, a medium-severity Incus vulnerability disclosed in March 2026. Incus versions before 6.23.0 failed to verify the combined image fingerprint when downloading container and virtual-machine images from simplestreams servers, enabling narrowly scoped image cache poisoning in exposed multi-tenant environments. The bug is not a remote-code-execution threat but a supply-chain trust failure in a workflow often treated as routine. The patch is straightforward, but the incident highlights broader lessons about image verification in container and VM deployments.
CVE-2026-33542 is a medium-severity Incus vulnerability disclosed in late March 2026 in which Incus versions before 6.23.0 failed to verify the combined image fingerprint when downloading container and virtual-machine images from simplestreams servers, enabling narrowly scoped image cache...