openstack

295 tracked vulnerabilities.

CVE-2026-54423 HIGH
Openstack Ironic - Improper Protection of Alternate Path
Jul 10, 2026
CVSS 8.2
EPSS 0.01
CVE-2026-44918 MEDIUM
Openstack Ironic - Missing Authorization
Jul 10, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-50221 MEDIUM
Openstack Swift - Server-Side Request Forgery (SSRF)
Jun 23, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-55748 MEDIUM
Openstack Horizon - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Jun 17, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-46448 MEDIUM
Openstack Nova - Incorrect Resource Transfer Between Spheres
Jun 16, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-54421 MEDIUM
Openstack Ironic < 35.0.1 - Improper Removal of Sensitive Information Before Storage or Transfer
Jun 14, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-50589 MEDIUM
Openstack Ironic < 35.0.1 - Allocation of Resources Without Limits or Throttling
Jun 05, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-50266 LOW
Openstack Neutron - Incorrect Authorization
Jun 04, 2026
CVSS 2.2
EPSS 0.00
CVE-2026-48681 MEDIUM
Openstack Ironic - Relative Path Traversal
Jun 04, 2026
CVSS 5.9
EPSS 0.01
CVE-2026-44917 MEDIUM
Openstack Ironic - Incorrect Resource Transfer Between Spheres
Jun 04, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-41283 CRITICAL
Openstack Mistral - Incorrect Authorization
Jun 04, 2026
CVSS 9.9
EPSS 0.01
CVE-2026-46447 MEDIUM
OpenStack Ironic through 35.0.x - Boot Script Injection
Jun 03, 2026
CVSS 5.8
EPSS 0.00
CVE-2026-49299 MEDIUM
Openstack Neutron - Incorrect Authorization
May 28, 2026
EPSS 0.00
CVE-2026-44394 MEDIUM
Openstack Keystone - Incorrect Authorization
May 28, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-43000 MEDIUM
Openstack Keystone - Incorrect Authorization
May 28, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-42999 MEDIUM
Openstack Keystone - Incorrect Authorization
May 28, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-42998 MEDIUM
Openstack Keystone - Incorrect Authorization
May 28, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-49017 HIGH
Openstack Swift - Loop with Unreachable Exit Condition ('Infinite Loop')
May 27, 2026
EPSS 0.00
CVE-2026-44919 MEDIUM
OpenStack Ironic - Denial of Service via Infinite Loop in Checksum Calculation
May 14, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-44916 LOW
Openstack Ironic < 35.0.1 - Improper Neutralization of Special Elements Used in a Template Engine
May 08, 2026
CVSS 3.0
EPSS 0.00
CVE-2026-40214 MEDIUM
OpenStack Cyborg <14.0.1, 15.0.0-15.0.1, 16.0.0-16.0.1 DoS via Accelerator Request API
May 07, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-40213 HIGH
OpenStack Cyborg < 14.0.1, 15.0.0-15.0.1, 16.0.0-16.0.1 - Authenticated Incorrect Authorization via Default Policy Rule
May 07, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-42997 HIGH
OpenStack Ironic <26.1.6 - Auth Bypass
May 05, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-43002 MEDIUM
OpenStack Horizon 25.6-25.7 < 25.7.3 - Unauthenticated Session Storage Exhaustion via Write Operation
May 05, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-43003 HIGH
OpenStack ironic-python-agent <11.5.0 - Code Injection
May 01, 2026
CVSS 8.0
EPSS 0.01