openstack
295 tracked vulnerabilities.
CVE-2026-54423
HIGH
Openstack Ironic - Improper Protection of Alternate Path
Jul 10, 2026
CVSS 8.2
EPSS 0.01
CVE-2026-44918
MEDIUM
Openstack Ironic - Missing Authorization
Jul 10, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-50221
MEDIUM
Openstack Swift - Server-Side Request Forgery (SSRF)
Jun 23, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-55748
MEDIUM
Openstack Horizon - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Jun 17, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-46448
MEDIUM
Openstack Nova - Incorrect Resource Transfer Between Spheres
Jun 16, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-54421
MEDIUM
Openstack Ironic < 35.0.1 - Improper Removal of Sensitive Information Before Storage or Transfer
Jun 14, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-50589
MEDIUM
Openstack Ironic < 35.0.1 - Allocation of Resources Without Limits or Throttling
Jun 05, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-50266
LOW
Openstack Neutron - Incorrect Authorization
Jun 04, 2026
CVSS 2.2
EPSS 0.00
CVE-2026-48681
MEDIUM
Openstack Ironic - Relative Path Traversal
Jun 04, 2026
CVSS 5.9
EPSS 0.01
CVE-2026-44917
MEDIUM
Openstack Ironic - Incorrect Resource Transfer Between Spheres
Jun 04, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-41283
CRITICAL
Openstack Mistral - Incorrect Authorization
Jun 04, 2026
CVSS 9.9
EPSS 0.01
CVE-2026-46447
MEDIUM
OpenStack Ironic through 35.0.x - Boot Script Injection
Jun 03, 2026
CVSS 5.8
EPSS 0.00
CVE-2026-49299
MEDIUM
Openstack Neutron - Incorrect Authorization
May 28, 2026
EPSS 0.00
CVE-2026-44394
MEDIUM
Openstack Keystone - Incorrect Authorization
May 28, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-43000
MEDIUM
Openstack Keystone - Incorrect Authorization
May 28, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-42999
MEDIUM
Openstack Keystone - Incorrect Authorization
May 28, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-42998
MEDIUM
Openstack Keystone - Incorrect Authorization
May 28, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-49017
HIGH
Openstack Swift - Loop with Unreachable Exit Condition ('Infinite Loop')
May 27, 2026
EPSS 0.00
CVE-2026-44919
MEDIUM
OpenStack Ironic - Denial of Service via Infinite Loop in Checksum Calculation
May 14, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-44916
LOW
Openstack Ironic < 35.0.1 - Improper Neutralization of Special Elements Used in a Template Engine
May 08, 2026
CVSS 3.0
EPSS 0.00
CVE-2026-40214
MEDIUM
OpenStack Cyborg <14.0.1, 15.0.0-15.0.1, 16.0.0-16.0.1 DoS via Accelerator Request API
May 07, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-40213
HIGH
OpenStack Cyborg < 14.0.1, 15.0.0-15.0.1, 16.0.0-16.0.1 - Authenticated Incorrect Authorization via Default Policy Rule
May 07, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-42997
HIGH
OpenStack Ironic <26.1.6 - Auth Bypass
May 05, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-43002
MEDIUM
OpenStack Horizon 25.6-25.7 < 25.7.3 - Unauthenticated Session Storage Exhaustion via Write Operation
May 05, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-43003
HIGH
OpenStack ironic-python-agent <11.5.0 - Code Injection
May 01, 2026
CVSS 8.0
EPSS 0.01
Products
keystone 44
nova 39
folsom 25
neutron 25
horizon 22
essex 15
image_registry_and_delivery_service_\(glance\) 15
grizzly 14
swift 14
Ironic 12
compute 12
glance 12
havana 11
cinder 9
ironic 9
Keystone 8
heat 7
python-keystoneclient 7
barbican 5
tripleo_heat_templates 5
icehouse 4
keystonemiddleware 4
trove 3
Cyborg 2
Horizon 2
Neutron 2
Nova 2
Swift 2
ceilometer 2
cloud_magnum_orchestration 2
Quick Filters