PYSEC-2026-838

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/kolla/PYSEC-2026-838.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-838
Aliases
Published
2026-07-07T10:17:25.752484Z
Modified
2026-07-07T11:46:04.806782697Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
OpenStack Kolla sudo privilege escalation vulnerability
Details

A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges.

References

Affected packages

PyPI / kolla

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.0.0.0rc1

Affected versions

0.*
0.0.1
1.*
1.1.0
1.1.1
1.1.2
2.*
2.0.0.0rc1
2.0.0.0rc2
2.0.0.0rc3
2.0.0.0rc4
2.0.0
2.0.1
2.0.2
2.0.3
3.*
3.0.0.0b1
3.0.0.0b2
3.0.0.0b3
3.0.0.0rc1
3.0.0.0rc2
3.0.0.0rc3
3.0.0
3.0.1
3.0.2
3.0.3
4.*
4.0.0.0b1
4.0.0.0b2
4.0.0.0b3
4.0.0.0rc1
4.0.0.0rc2
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
5.*
5.0.0.0b2
5.0.0.0b3
5.0.0.0rc1
5.0.0.0rc2
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
6.*
6.0.0.0b2
6.0.0.0b3
6.0.0.0rc1
6.0.0.0rc2
6.0.0
6.1.0
6.1.1
6.2.0
6.2.1
6.2.2
6.2.3
6.2.4
7.*
7.0.0.0b2
7.0.0.0b3
7.0.0.0rc1
7.0.0.0rc2
7.0.0.0rc3
7.0.0
7.0.1
7.0.2
7.0.3
7.0.4
7.1.0
7.1.1
8.*
8.0.0.0b1
8.0.0.0rc1
8.0.0.0rc2
8.0.0
8.0.1
8.0.2
8.0.3
8.0.4
8.0.5
9.*
9.0.0.0rc1
9.0.0.0rc2
9.0.0
9.0.1
9.1.0
9.1.1
9.2.0
9.3.0
9.3.1
9.4.0
10.*
10.0.0.0rc1
10.0.0.0rc2
10.0.0
10.1.0
10.2.0
10.3.0
10.4.0
11.*
11.0.0.0rc1
11.0.0.0rc2
11.0.0
11.1.0
11.2.0
11.2.1
11.3.0
12.*
12.0.0.0rc1
12.0.0.0rc2
12.0.0
12.0.1
12.1.0
12.2.0
12.3.0
12.4.0
12.5.0
12.6.0
12.7.0
13.*
13.0.0.0rc1
13.0.0.0rc2
13.0.0.0rc3
13.0.0
13.0.1
13.1.0
13.2.0
13.3.0
13.4.0
13.5.0
13.6.0
13.7.0
13.8.0
13.9.0
13.10.0
14.*
14.0.0.0rc1
14.0.0.0rc2
14.0.0
14.1.0
14.2.0
14.3.0
14.4.0
14.5.0
14.6.0
14.7.0
14.8.0
14.9.0
14.10.0
14.11.0
14.12.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/kolla/PYSEC-2026-838.yaml"