{"id":"GO-2026-4704","summary":"IncusOS has a LUKS encryption bypass due to insufficient TPM policy in github.com/lxc/incus-os/incus-osd","details":"IncusOS has a LUKS encryption bypass due to insufficient TPM policy in github.com/lxc/incus-os/incus-osd","aliases":["CVE-2026-32606","GHSA-wj2j-qwcf-cfcc"],"modified":"2026-03-26T21:02:57.078499Z","published":"2026-03-26T20:32:44Z","database_specific":{"review_status":"UNREVIEWED","url":"https://pkg.go.dev/vuln/GO-2026-4704"},"references":[{"type":"ADVISORY","url":"https://github.com/lxc/incus-os/security/advisories/GHSA-wj2j-qwcf-cfcc"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32606"},{"type":"WEB","url":"https://discuss.linuxcontainers.org/t/potential-luks-encryption-bypass-through-filesystem-confusion/26348"},{"type":"WEB","url":"https://github.com/lxc/incus-os/commit/e3b35f230d23443d27752eac27ebb2b22c957b75"},{"type":"WEB","url":"https://github.com/lxc/incus-os/pull/954"},{"type":"WEB","url":"https://oddlama.org/blog/bypassing-disk-encryption-with-tpm2-unlock"}],"affected":[{"package":{"name":"github.com/lxc/incus-os/incus-osd","ecosystem":"Go","purl":"pkg:golang/github.com/lxc/incus-os/incus-osd"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.0.0-20260313012803-e3b35f230d23"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-4704.json"}}],"schema_version":"1.7.5"}