CVE-2026-28370

CRITICAL LAB

OpenStack Vitrage <12.0.1,13.0.0,14.0.0,15.0.0 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-28370. PoCs published by exploitintel.

AI-analyzed exploit summary This repository contains functional exploit code demonstrating CVE-2026-28370, an eval() injection vulnerability in OpenStack Vitrage. The PoC scripts show multiple attack vectors, including value injection, key injection, and logical operator manipulation, leading to remote code execution.

Description

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise of the Vitrage service. All deployments exposing the Vitrage API are affected. This occurs in _create_query_function in vitrage/graph/query.py.

Exploits (1)

github WORKING POC 1 stars

by exploitintel · pythonpoc

https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2026-28370

View Code ZIP pw:eip

This repository contains functional exploit code demonstrating CVE-2026-28370, an eval() injection vulnerability in OpenStack Vitrage. The PoC scripts show multiple attack vectors, including value injection, key injection, and logical operator manipulation, leading to remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: OpenStack Vitrage < 12.0.1, 13.0.0, 14.0.0, 15.0.0

Auth required

Prerequisites: authenticated access to Vitrage API

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 02, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory

https://github.com/openstack/vitrage/blob/a1f86950e1314b0c740f9cd9b7e9dbab7d02af51/vitrage/graph/query.py#L70

View Writeup ZIP pw:eip

Various Sources

https://storyboard.openstack.org/#%21/story/2011539

Mailing List

http://www.openwall.com/lists/oss-security/2026/03/03/6

Related Analysis

72-Hour Stress Test

Scores

CVSS v3 9.1

EPSS 0.0004

EPSS Percentile 12.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Lab Environment

EIP LAB

patched docker pull ghcr.io/exploitintel/cve-2026-28370-patched:latest

vulnerable docker pull ghcr.io/exploitintel/cve-2026-28370-vulnerable:latest

View in Library GitHub

Details

CWE

CWE-95

Status published

Products (2)

openstack/vitrage < 12.01

pypi/vitrage 15.0.0.0rc1 - 15.0.1PyPI

Published Feb 27, 2026

Tracked Since Feb 27, 2026