CVE-2026-46448

MEDIUM

Openstack Nova - Incorrect Resource Transfer Between Spheres

Title source: rule
STIX 2.1

Description

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation.

Scores

CVSS v3 5.4
EPSS 0.0027
EPSS Percentile 19.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-669
Status published
Products (7)
OpenStack/Nova 18.0.0 - 31.3.1
openstack/nova 18.0.0 - 31.3.1
OpenStack/Nova 32.0.0 - 32.2.1
OpenStack/Nova 33.0.0 - 33.0.2
pypi/nova 18.0.0 - 31.3.0PyPI
pypi/nova 32.0.0 - 32.2.1PyPI
pypi/nova 33.0.0 - 33.0.1PyPI
Published Jun 16, 2026
Tracked Since Jun 17, 2026