CVE-2026-46448

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation...

CVE-2026-54421

A flaw was found in OpenStack Ironic. When an authorized user applies a PATCH operation to update volume properties, the system can inadvertently expose sensitive information, such as iSCSI credentials. This information disclosure vulnerability allows an attacker to gain access to credentials tha...

CVE-2026-48522 vulnerabilities

Vulnerabilities for packages: superset-fips, openstack-placement-2026.1-fips, datadog-agent, openstack-horizon-2025.2-fips, datadog-agent-fips, openstack-glance-2025.2-fips, openstack-horizon-2025.1, openstack-glance-2025.1-fips, openstack-glance-2026.1, openstack-glance-2025.1,...

GHSA-993G-76C3-P5M4 vulnerabilities

Vulnerabilities for packages: superset-fips, openstack-placement-2026.1-fips, datadog-agent, openstack-horizon-2025.2-fips, datadog-agent-fips, openstack-glance-2025.2-fips, openstack-horizon-2025.1, openstack-glance-2025.1-fips, openstack-glance-2026.1, openstack-glance-2025.1,...

CVE-2026-46448

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation...

CVE-2026-46448

OpenStack Nova CVE-2026-46448 affects OpenStack Nova before 33.0.2. The server create API fails to strip certain hint data, resulting in instances with no Placement allocation. Connected sources confirm the impact; no exploitation details are provided in the documents. No remediation/version info...

CVE-2026-46448

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation...

UBUNTU-CVE-2026-46448

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation...

CVE-2026-54421

In OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...

UBUNTU-CVE-2026-54421

In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...

CVE-2026-54421

In OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...

CVE-2026-54421

In OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...

EUVD-2026-36658

In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...

CVE-2026-54421

CVE-2026-54421 affects OpenStack Ironic (through 35.0.1). A PATCH to update fields in volume properties, restricted to the user’s permissions, can disclose unredacted sensitive information (e.g., iSCSI credentials). The PATCH outcome is identified as a security issue; the POST outcome is not. Thi...

CVE-2026-54421

In OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...

PT-2026-49105

Name of the Vulnerable Software and Affected Versions OpenStack Ironic versions prior to 35.0.2 Description When applying a PATCH request to update fields in volume properties for which a user is authorized, the system may return unredacted sensitive information, such as iSCSI credentials. This...

Linux Distros Unpatched Vulnerability : CVE-2026-54421

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensiti...

SUSE CVE-2026-41283

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials...

SUSE CVE-2026-48681

OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image...

SUSE CVE-2026-50266

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECTMANAGER without...