Home

Description

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation.

PUBLISHED Reserved 2026-05-14 | Published 2026-06-16 | Updated 2026-06-17 | Assigner mitre




MEDIUM: 5.4CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Problem types

CWE-669 Incorrect Resource Transfer Between Spheres

Product status

Default status
unaffected

18.0.0 (semver) before 31.3.1
affected

32.0.0 (semver) before 32.2.1
affected

33.0.0 (semver) before 33.0.2
affected

References

www.openwall.com/lists/oss-security/2026/06/16/5

bugs.launchpad.net/nova/+bug/2151252 exploit

bugs.launchpad.net/nova/+bug/2151252

www.openwall.com/lists/oss-security/2026/06/16/5

cve.org (CVE-2026-46448)

nvd.nist.gov (CVE-2026-46448)

Download JSON