CVE-2026-25077

EPSS 0.02%
Veröffentlicht 08.05.2026 12:21:27
Zuletzt bearbeitet 10.05.2026 15:16:27
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

Apache CloudStack: Unauthenticated Command Injection in Direct Download Templates

Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an attacker can register malicious templates to execute arbitrary code on the KVM hosts. This can result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of the KVM-based infrastructure managed by CloudStack.


Users are recommended to upgrade to Apache CloudStack versions 4.20.3.0 or 4.22.0.1, or later, which fixes this issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Cloudstack Version >= 4.11.0.0 < 4.20.3.0

Apache ≫ Cloudstack Version >= 4.21.0.0 < 4.22.0.1

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.07

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://lists.apache.org/thread/n8mt5b7wkpysstb8w7rr9f02kc5cq2xm

Vendor Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2026/05/09/6

https://nvd.nist.gov/vuln/detail/CVE-2026-25077

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-25077

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-25077

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-25077