EUVD-2026-8999

🗓️ 27 Feb 2026 06:31:28Reported by EUVDType

OpenStack Vitrage query parser enables code execution as the service user, risking host compromise.

Reporter	Title	Published	Views	Family All 19
ATTACKERKB	CVE-2026-28370	27 Feb 202604:56	–	attackerkb
Information Security Automation	March Linux Patch Wednesday	30 Mar 202620:00	–	avleonov
Circl	CVE-2026-28370	27 Feb 202605:20	–	circl
CNNVD	OpenStack Vitrage 安全漏洞	27 Feb 202600:00	–	cnnvd
CVE	CVE-2026-28370	27 Feb 202604:56	–	cve
Cvelist	CVE-2026-28370	27 Feb 202604:56	–	cvelist
Debian CVE	CVE-2026-28370	27 Feb 202604:56	–	debiancve
Github Security Blog	OpenStack Vitrage: Unauthorized Access to the Host can Lead to Eval Injection	27 Feb 202606:31	–	github
NVD	CVE-2026-28370	27 Feb 202605:18	–	nvd
OSV	DEBIAN-CVE-2026-28370	27 Feb 202605:18	–	osv

[
  {
    "enisaIdVendor": [
      {
        "id": "c95ebe00-5dcb-3571-997d-3cd910e022ed",
        "vendor": {
          "name": "OpenStack"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "5a104921-7b18-3fdc-a23a-243cc0ab3bd3",
        "product": {
          "name": "Vitrage"
        },
        "product_version": "13.0.0"
      },
      {
        "id": "7b9c4c0c-6d42-335f-8474-c4da8eea0bc7",
        "product": {
          "name": "Vitrage"
        },
        "product_version": "0 <12.0.1"
      },
      {
        "id": "81c5cc5d-8c2d-37f0-b789-2d09a1d61dd2",
        "product": {
          "name": "Vitrage"
        },
        "product_version": "15.0.0"
      },
      {
        "id": "c3e1b509-9caa-35f4-8dad-ef75ead5084a",
        "product": {
          "name": "Vitrage"
        },
        "product_version": "14.0.0"
      }
    ]
  }
]

Source	Link
storyboard	www.storyboard.openstack.org/
github	www.github.com/openstack/vitrage/blob/a1f86950e1314b0c740f9cd9b7e9dbab7d02af51/vitrage/graph/query.py
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-28370

27 Feb 2026 06:31Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.19.1

EPSS0.00763

SSVC