openstack
276 tracked vulnerabilities.
CVE-2026-44919
MEDIUM
OpenStack Ironic - Denial of Service via Infinite Loop in Checksum Calculation
May 14, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-44916
LOW
OpenStack Ironic < 35.0.1 - Improper Neutralization of Special Elements Used in a Template Engine
May 08, 2026
CVSS 3.0
EPSS 0.00
CVE-2026-40214
MEDIUM
OpenStack Cyborg <14.0.1, 15.0.0-15.0.1, 16.0.0-16.0.1 DoS via Accelerator Request API
May 07, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-40213
HIGH
OpenStack Cyborg < 14.0.1, 15.0.0-15.0.1, 16.0.0-16.0.1 - Authenticated Incorrect Authorization via Default Policy Rule
May 07, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-42997
HIGH
OpenStack Ironic <26.1.6 - Auth Bypass
May 05, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-43002
MEDIUM
OpenStack Horizon 25.6-25.7 < 25.7.3 - Unauthenticated Session Storage Exhaustion via Write Operation
May 05, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-43003
HIGH
OpenStack ironic-python-agent <11.5.0 - Code Injection
May 01, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-43001
HIGH
OpenStack Keystone 13-29 - Privilege Escalation
May 01, 2026
CVSS 7.9
EPSS 0.00
CVE-2026-42510
MEDIUM
OpenStack Ironic <=25.0.0 - Command Injection
Apr 28, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-40683
HIGH
OpenStack Keystone <25.0.1 - Auth Bypass
Apr 14, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-40212
MEDIUM
OpenStack Skyline < 5.0.1, 6.0.0, 7.0.0 - DOM-based Cross-Site Scripting via Unsafe document.write
Apr 10, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-33551
LOW
OpenStack Keystone <26.1.1 - Privilege Escalation
Apr 10, 2026
CVSS 3.5
EPSS 0.00
CVE-2026-34881
MEDIUM
OpenStack Glance <29.1.1, 30.x<30.1.1, 31.0.0 SSRF via Image Import URL Redirect
Mar 31, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-28370
CRITICAL
OpenStack Vitrage <12.0.1,13.0.0,14.0.0,15.0.0 - Code Injection
Feb 27, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-24708
HIGH
OpenStack Nova <30.2.2 - Memory Corruption
Feb 18, 2026
CVSS 8.2
EPSS 0.00
CVE-2025-65073
HIGH
OpenStack Keystone < 26.0.1, 27.0.0, 28.0.0 - Incorrect Authorization via AWS Signature
Nov 17, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-44021
LOW
OpenStack Ironic < 24.1.3, 24-24.1.3, 25-26.1.1, 27-29.0.1 - Arbitrary File Write via Image Handling
May 08, 2025
CVSS 2.8
EPSS 0.00
CVE-2024-7319
MEDIUM
openstack-heat - Exposure of Sensitive Information via Stack Abandon Command
Aug 02, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-40767
MEDIUM
OpenStack Nova <27.4.1,28.2.1,29.1.1 - Info Disclosure
Jul 24, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-32498
MEDIUM
OpenStack <24.0.0, <28.0.2, <29.0.3 - Info Disclosure
Jul 05, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-28718
CRITICAL
OpenStack Magnum - Remote Code Execution via cert_manager.py TOCTOU Race Condition
Apr 12, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-29156
MEDIUM
OpenStack Murano <16.0.0 - Info Disclosure
Mar 18, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-1141
MEDIUM
python-glance-store - Info Disclosure
Feb 01, 2024
CVSS 5.5
EPSS 0.00
CVE-2023-1636
MEDIUM
OpenStack Barbican - Privilege Escalation
Sep 24, 2023
CVSS 6.0
EPSS 0.00
CVE-2023-1633
MEDIUM
OpenStack Barbican - Info Disclosure
Sep 24, 2023
CVSS 6.6
EPSS 0.00
Products
keystone 39
nova 38
folsom 25
neutron 25
horizon 22
essex 15
image_registry_and_delivery_service_\(glance\) 15
grizzly 14
swift 13
compute 12
glance 12
havana 11
cinder 9
heat 7
python-keystoneclient 7
Ironic 5
barbican 5
tripleo_heat_templates 5
Keystone 4
icehouse 4
keystonemiddleware 3
trove 3
Cyborg 2
ceilometer 2
cloud_magnum_orchestration 2
designate 2
diablo 2
keystone_essex 2
magnum 2
manila 2