The first bugfix release for the Incus 7.0 LTS branch addresses twelve security vulnerabilities, seven of them rated critical. The most severe flaws enabled arbitrary file read and write operations on the host system through symlink attacks in crafted container images, while another allowed full command execution by bypassing project restrictions. Incus 7.0.1 is the consolidation point for fixes that had already shipped in regular monthly releases and been backported by distributions packaging the 7.0 LTS branch.

The critical CVEs cover a range of attack vectors. CVE-2026-48753 exploits path traversal in S3 multipart uploads to write arbitrary files. CVE-2026-48749 and CVE-2026-48752 use symlinks in rootfs/ and templates/ directories of malicious images to read and write host files. CVE-2026-48751 bypasses restricted project isolation entirely, enabling arbitrary command execution. CVE-2026-48755 injects arguments through the backup compression algorithm to achieve file writes and command execution. Two additional high-severity CVEs address project restriction bypasses during cross-project volume and instance copy operations.

Beyond security, the release backports a substantial set of features that don't require data migrations or database changes. Explicit CPU topology for virtual machines gives operators finer control over vCPU pinning and NUMA layout. Per-instance SELinux integration and per-instance BGP route advertisement expand isolation and networking options for multi-tenant deployments. Storage gets Btrfs compression support and filesystem creation options, while LINSTOR users gain access to low-level configuration knobs. OCI containers can now receive static network configuration, and the new incus default CLI command simplifies managing default profiles.

The Incus 7.0 LTS branch is supported until June 2031. Starting with this release cycle, the Incus project is decoupling bugfix updates for LXC and LXCFS from Incus releases, so those components will ship on their own schedules. Release tarballs and GPG signatures are available from the downloads page.