PYSEC-2026-1708

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/nova/PYSEC-2026-1708.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1708
Aliases
Published
2026-07-07T14:34:36.285308Z
Modified
2026-07-07T17:46:58.611861130Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
  • 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access
Details

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.

References

Affected packages

PyPI / nova

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
29.0.2

Affected versions

15.*
15.1.5
16.*
16.1.6
16.1.7
16.1.8
17.*
17.0.7
17.0.8
17.0.9
17.0.10
17.0.11
17.0.12
17.0.13
18.*
18.0.2
18.0.3
18.1.0
18.2.0
18.2.1
18.2.2
18.2.3
18.3.0
19.*
19.0.0.0rc1
19.0.0.0rc2
19.0.0
19.0.1
19.0.2
19.0.3
19.1.0
19.2.0
19.3.0
19.3.1
19.3.2
20.*
20.0.0.0rc1
20.0.0.0rc2
20.0.0
20.0.1
20.1.0
20.1.1
20.2.0
20.3.0
20.4.0
20.4.1
20.5.0
20.6.0
20.6.1
21.*
21.0.0.0rc1
21.0.0.0rc2
21.0.0
21.1.0
21.1.1
21.1.2
21.2.0
21.2.1
21.2.2
21.2.3
21.2.4
22.*
22.0.0.0rc1
22.0.0
22.0.1
22.1.0
22.2.0
22.2.1
22.2.2
22.3.0
22.4.0
23.*
23.0.0.0rc1
23.0.0.0rc2
23.0.0
23.0.1
23.0.2
23.1.0
23.2.0
23.2.1
23.2.2
24.*
24.0.0.0rc1
24.0.0.0rc2
24.0.0
24.1.0
24.1.1
24.2.0
24.2.1
25.*
25.0.0.0rc1
25.0.0
25.0.1
25.1.0
25.1.1
25.2.0
25.2.1
25.3.0
26.*
26.0.0.0rc1
26.0.0.0rc2
26.0.0
26.1.0
26.1.1
26.2.0
26.2.1
26.2.2
26.3.0
27.*
27.0.0.0rc1
27.0.0
27.1.0
27.2.0
27.3.0
27.4.0
27.5.0
27.5.1
28.*
28.0.0.0rc1
28.0.0
28.0.1
28.1.0
28.2.0
28.3.0
28.3.1
29.*
29.0.0.0rc1
29.0.0
29.0.1
29.0.2

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/nova/PYSEC-2026-1708.yaml"