8.5

CVE-2026-46448

Exploit
In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenstackNova Version >= 18.0.0 < 31.3.1
OpenstackNova Version >= 32.0.0 < 32.2.1
OpenstackNova Version >= 33.0.0 < 33.0.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.27% 0.189
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.5 3.1 4.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H
cve@mitre.org 5.4 2.8 2.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
CWE-669 Incorrect Resource Transfer Between Spheres

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

https://bugs.launchpad.net/nova/+bug/2151252
Third Party Advisory
Exploit
Issue Tracking
https://www.openwall.com/lists/oss-security/2026/06/16/5
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2026/06/16/5
Third Party Advisory
Mailing List