CVE-2026-46448
MEDIUMOpenstack Nova - Incorrect Resource Transfer Between Spheres
Title source: ruleDescription
In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation.
References (3)
Core 3
Scores
CVSS v3
5.4
EPSS
0.0027
EPSS Percentile
19.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-669
Status
published
Products (7)
OpenStack/Nova
18.0.0 - 31.3.1
openstack/nova
18.0.0 - 31.3.1
OpenStack/Nova
32.0.0 - 32.2.1
OpenStack/Nova
33.0.0 - 33.0.2
pypi/nova
18.0.0 - 31.3.0PyPI
pypi/nova
32.0.0 - 32.2.1PyPI
pypi/nova
33.0.0 - 33.0.1PyPI
Published
Jun 16, 2026
Tracked Since
Jun 17, 2026