Nova noVNC - Open Redirect

Nova noVNC contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-3654 info: name: Nova noVNC - Open Redirect author: geeknik severity: medium...

CVE-2026-44393

A flaw was found in OpenStack oslo.messaging. The RabbitMQ driver does not properly verify the hostname of the message broker when establishing a TLS Transport Layer Security connection. An attacker capable of intercepting control-plane network traffic can exploit this vulnerability to impersonat...

UBUNTU-CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal...

Linux Distros Unpatched Vulnerability : CVE-2026-50221

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device...

CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

EUVD-2026-38537

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

CVE-2026-50221

CVE-2026-50221 affects OpenStack Swift prior to 2.37.2, where proxy-server fails to strip internal update headers (X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device) from client requests before forwarding to object-servers. An authenticated user with write access can inje...

RHSA-2026:28047 Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (etcd) security update

Bulletin has no description...

RHSA-2026:28046 Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (golang-uber-multierr) security update

Bulletin has no description...

RHSA-2026:28043 Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-urllib3) security update

Bulletin has no description...

CVE-2026-54911 vulnerabilities

Vulnerabilities for packages: openstack-placement-2025.2-fips, openstack-horizon-2025.2-fips, openstack-placement-2026.1-fips, openstack-keystone-2025.2-fips, openstack-horizon-2026.1-fips, openstack-placement-2025.1-fips, openstack-keystone-2026.1-fips, openstack-horizon-2025.1-fips,...

GHSA-3J69-69WJ-XQX2 vulnerabilities

Vulnerabilities for packages: openstack-placement-2025.2-fips, openstack-horizon-2025.2-fips, openstack-placement-2026.1-fips, openstack-keystone-2025.2-fips, openstack-horizon-2026.1-fips, openstack-placement-2025.1-fips, openstack-keystone-2026.1-fips, openstack-horizon-2025.1-fips,...

GHSA-6V7P-G79W-8964 vulnerabilities

Vulnerabilities for packages: openstack-keystone-2025.1, openstack-tempest-2026.1, openstack-horizon-2025.1-fips, dbt-core, openstack-glance-2025.1-fips, openstack-keystone-2026.1, openstack-keystone-2026.1-fips, openstack-glance-2025.1, synapse, openstack-tempest-2025.2,...

PT-2026-51572

Name of the Vulnerable Software and Affected Versions OpenStack Swift versions prior to 2.37.2 Description The proxy-server fails to strip internal update headers from client requests before forwarding them to object-servers. An authenticated user with write access can inject the headers...

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (etcd) security update

An update for etcd is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-urllib3) security update

An update for python-urllib3 is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVE-2026-50589

A flaw was found in OpenStack Ironic. An unauthenticated malicious user could exploit this vulnerability by submitting a specially crafted JSON JavaScript Object Notation string to certain API Application Programming Interface or JSON-RPC Remote Procedure Call service endpoints. This could lead t...

CVE-2026-55748

A flaw was found in OpenStack Horizon. This vulnerability allows a highly privileged remote attacker, with user interaction, to craft a project name containing shell metacharacters. When scripts for OpenStack RC file downloading are produced, these metacharacters may be processed, potentially...

OpenStack Horizon RC file generation does not escape special characters in project names

OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...