汇总 OpenStack 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
已披露问题常与 路径处理缺陷、跨站脚本与输入验证问题 相关,可能在 生产负载与软件部署 场景中带来 文件覆盖与会话劫持 等暴露风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2026-50589 | In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash. | [email protected] | 5.3 | 0.29% | 2026-06-05 | 2026-06-16 |
| CVE-2026-48681 | OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image. | [email protected] | 5.9 | 0.62% | 2026-06-04 | 2026-06-04 |
| CVE-2026-44917 | OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_template. | [email protected] | 4.9 | 0.29% | 2026-06-04 | 2026-06-04 |
| CVE-2026-46447 | OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info. | [email protected] | 5.8 | 0.26% | 2026-06-03 | 2026-06-15 |
| CVE-2026-44394 | An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handle_scoped_token() function in the mapped authentication plugin returns response data without an expires_at value. The token provider falls back to issuing a token with a fresh default TTL. By rescoping repeatedly before each token expires, a u | [email protected] | 6.0 | 0.24% | 2026-05-28 | 2026-06-02 |
| CVE-2026-43000 | An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token carries the victim's identity, which passes the trustor validation check. Keystone then validates the delegated roles against the victim's actual role assignments in the database, not the roles on the re | [email protected] | 6.0 | 0.24% | 2026-05-28 | 2026-06-02 |
| CVE-2026-42999 | An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforce_call unconditionally merges the raw JSON request body into the policy enforcement dictionary via policy_dict.update(json_input.copy()), overwriting trusted target data that was previously set from database lookups. Because flask.request.get_json is called with force=True, this works regardless of Content-Type or HTTP method. Any authenticated user can inject arbitrary policy target attribute | [email protected] | 6.0 | 0.25% | 2026-05-28 | 2026-06-02 |
| CVE-2026-42998 | An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application credential ID and secret while specifying a different user's name and domain in the request body. Keystone issues a token attributed to the victim user. The impersonated token is project-scoped and carries t | [email protected] | 6.0 | 0.30% | 2026-05-28 | 2026-06-02 |
| CVE-2026-44916 | In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing. | [email protected] | 3.0 | 0.33% | 2026-05-08 | 2026-06-18 |
| CVE-2026-42997 | An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token (which provides access to all OpenStack services Ironic is authorized for); or basic credentials configured for molds storage. The fixed versions are 26.1.6, 29.0.5, 32.0.1, and 35.0.1. | [email protected] | 7.7 | 0.37% | 2026-05-05 | 2026-06-18 |
| CVE-2026-43003 | An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition image, leading to code execution in the case of a malicious image. | [email protected] | 8.0 | 0.64% | 2026-05-01 | 2026-05-04 |
| CVE-2026-43001 | An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credential for project A to create an EC2 credential targeting project B; a subsequent /v3/ec2tokens exchange would then issue a Keystone token scoped to project B while still carrying the original app_cred_id, | [email protected] | 7.9 | 0.40% | 2026-05-01 | 2026-06-02 |
| CVE-2026-33551 | An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role may obtain an EC2/S3 credential that carries the full set of the parent user's S3 permissions, effectively bypassing the role restrictions imposed on the application credential. Only deployments that us | [email protected] | 3.5 | 0.21% | 2026-04-10 | 2026-06-05 |
| CVE-2026-34881 | OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, the web-download and glance-download import methods are subject to this vulnerability, as is the optional (not enabled by default) ovf_process image import plugin. | [email protected] | 5.0 | 0.20% | 2026-03-31 | 2026-04-14 |
| CVE-2026-28370 | In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise of the Vitrage service. All deployments exposing the Vitrage API are affected. This occurs in _create_query_function in vitrage/graph/query.py. | [email protected] | 9.1 | 0.76% | 2026-02-27 | 2026-03-05 |
| CVE-2024-7319 | An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied. | [email protected] | 5.0 | 0.39% | 2024-08-02 | 2024-10-07 |
| CVE-2024-40767 | In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 a | [email protected] | 6.5 | 0.94% | 2024-07-24 | 2025-11-04 |
| CVE-2024-32498 | An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conver | [email protected] | 6.5 | 0.83% | 2024-07-05 | 2025-11-04 |
| CVE-2024-28718 | An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component. | [email protected] | 9.8 | 1.06% | 2024-04-12 | 2025-06-17 |
| CVE-2024-29156 | In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information. | [email protected] | 6.5 | 0.74% | 2024-03-18 | 2025-03-25 |