PYSEC-2026-432

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/nova/PYSEC-2026-432.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-432
Aliases
Published
2026-06-29T11:50:32.179235Z
Modified
2026-07-02T13:00:05.009759713Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
OpenStack Nova logs sensitive context from notification exceptions
Details

An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.

References

Affected packages

PyPI / nova

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13.0.0
Fixed
13.1.4
Introduced
14.0.0
Fixed
14.0.5
Introduced
15.0.1
Fixed
15.0.2

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/nova/PYSEC-2026-432.yaml"