CVE-2026-46448

A flaw was found in OpenStack Nova. The server creation application programming interface API fails to remove specific hint data, leading to instances being created without proper Placement allocation. This can result in a denial of service, as resources may not be correctly assigned or managed f...

Linux Distros Unpatched Vulnerability : CVE-2026-46448

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation. CVE-2026-46448 Note...

EUVD-2026-37218

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation...

CVE-2026-46448

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation...

USN-8434-1 nova vulnerability

It was discovered that Nova did not strip internal nova-prefixed scheduler hints supplied by users on instance creation. An attacker could possibly use this issue to bypass Placement resource claims and scheduling constraint enforcement...

CVE-2026-46448

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation...

CVE-2026-46448

OpenStack Nova CVE-2026-46448 affects OpenStack Nova before 33.0.2. The server create API fails to strip certain hint data, resulting in instances with no Placement allocation. Connected sources confirm the impact; no exploitation details are provided in the documents. No remediation/version info...

CVE-2026-46448

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation...

UBUNTU-CVE-2026-46448

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation...

CVE-2026-32993

Improper sanitization of the status query parameter of the /unprotected/novaerror endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response...

admet-workbench (>=0.1.0 <=0.1.1), agent-gpt-aws (>=0.4.4 <=0.9.5) +49 more potentially affected by CVE-2026-8597 via sagemaker (>=3.12.0 <=3.5.0)

sagemaker PYPI version =3.12.0, =0.1.0, =0.4.4, =1.3.16, =0.0.2, =0.1.13, =0.1.0, =0.4.0, =1.0.1, =0.4.0, =0.1.12, =0.1.0, =0.2.7 and more Source cves: CVE-2026-8597 Source advisory: OSV:GHSA-RQ6V-X3J8-7QGF...

amzn-nova-customization-sdk (>=1.0.29 <=1.0.72), autogluon-cloud (>=0.1.1b20230324 <=0.2.1b20231219) +19 more potentially affected by CVE-2026-8596 via sagemaker (>=2.199.0 <=2.254.1)

sagemaker PYPI version =2.199.0, =1.0.29, =0.1.1b20230324, =0.4.6, =0.1.0, =0.1.1, =0.9.0, =2.1.0, =2.0.0, =1.0.0, =1.0.0, =0.4.0, =0.7.3, =0.4.6, =0.4.0, =0.5.5 and more Source cves: CVE-2026-8596 Source advisory: OSV:GHSA-7HH5-PRP2-MFH5...

EUVD-2026-30181

Improper sanitization of the status query parameter of the /unprotected/novaerror endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response...

CVE-2026-32993

Improper sanitization of the status query parameter of the /unprotected/novaerror endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response...

CVE-2026-32993

CVE-2026-32993 describes an vulnerability in cPanel & WHM where improper sanitization of the status query parameter on the /unprotected/nova_error endpoint allows an unauthenticated attacker to inject arbitrary HTTP headers in the response. The root cause is insufficient input handling for the st...

CVE-2026-32993

Improper sanitization of the status query parameter of the /unprotected/novaerror endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response...

CVE-2026-32993

Improper sanitization of the status query parameter of the /unprotected/novaerror endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response...

cPanel 注入漏洞

cPanel is a web-based automated hosting platform developed by cPanel Inc. This platform is primarily used for automating the management of websites and servers. cPanel has a vulnerability known as “injection attack,” which stems from improper cleaning of the status query parameters in the...

CVE-2026-29203

A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege escalation when an authenticated cPanel user places a symlink at a user-controlled legacy Nova path...

CVE-2026-42202

nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint POST/nova-vendor/nova-toggle/toggle/resource/resourceId was protected only by web + auth: middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes...