PYSEC-2026-860

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/nova/PYSEC-2026-860.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-860
Aliases
Published
2026-07-06T08:03:25.880153Z
Modified
2026-07-07T11:45:19.119475438Z
Summary
OpenStack Compute (Nova) Denial of service due to improper validation of virtual size of QCOW2 image
Details

OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when usecowimages is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contain a large amount of data from Glance. NOTE: this issue is due to an incomplete fix for CVE-2013-2096.

References

Affected packages

PyPI / nova

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.0.0a0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/nova/PYSEC-2026-860.yaml"