Lucene search
K

19 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-564 OpenStack Vitrage: Unauthorized Access to the Host can Lead to Eval Injection

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

9.1CVSS7.7AI score0.00763EPSS
Exploits2References8
Packet Storm
Packet Storm
added 2026/03/06 12:0 a.m.211 views

📄 OpenStack Remote Code Execution

A remote code execution vulnerability exists in the query parser of OpenStack Vitrage prior to versions 12.0.1, 13.0.0, 14.0.0, and 15.0.0.The issue resides in the createqueryfunction method...

9.1CVSS6.3AI score0.00763EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/03/03 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-28370

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the...

9.1CVSS8.1AI score0.00763EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2026/02/28 7:47 a.m.10 views

CVE-2026-28370

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

9.1CVSS6.3AI score0.00763EPSS
Exploits2References1
Snyk
Snyk
added 2026/02/27 6:31 a.m.3 views

Eval Injection

Overview vitrage is a The OpenStack RCA Service Affected versions of this package are vulnerable to Eval Injection in the createqueryfunction function. An attacker can execute arbitrary code on the service host by sending crafted queries to the API endpoint. Remediation Upgrade vitrage to version...

9.9CVSS6.1AI score0.00763EPSS
Exploits2References2
OSV
OSV
added 2026/02/27 6:31 a.m.5 views

GHSA-8XWF-CR4R-856R OpenStack Vitrage: Unauthorized Access to the Host can Lead to Eval Injection

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

9.1CVSS6.3AI score0.00763EPSS
Exploits2References6
EUVD
EUVD
added 2026/02/27 6:31 a.m.11 views

EUVD-2026-8999

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

9.1CVSS5.9AI score0.00763EPSS
Exploits2References3
Github Security Blog
Github Security Blog
added 2026/02/27 6:31 a.m.10 views

OpenStack Vitrage: Unauthorized Access to the Host can Lead to Eval Injection

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

9.1CVSS6.3AI score0.00763EPSS
Exploits2References6Affected Software1
NVD
NVD
added 2026/02/27 5:18 a.m.12 views

CVE-2026-28370

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

9.1CVSS0.00763EPSS
Exploits2References3
OSV
OSV
added 2026/02/27 5:18 a.m.7 views

UBUNTU-CVE-2026-28370

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

9.1CVSS7.7AI score0.00763EPSS
Exploits2References4
Cvelist
Cvelist
added 2026/02/27 4:56 a.m.25 views

CVE-2026-28370

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

9.1CVSS0.00763EPSS
Exploits2References2
OSV
OSV
added 2026/02/27 4:56 a.m.5 views

CVE-2026-28370

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

9.1CVSS6.3AI score0.00763EPSS
Exploits2References5
Vulnrichment
Vulnrichment
added 2026/02/27 4:56 a.m.4 views

CVE-2026-28370

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

9.1CVSS6.4AI score0.00763EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/02/27 4:56 a.m.5 views

CVE-2026-28370

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

9.1CVSS7.6AI score0.00763EPSS
Exploits2References3Affected Software1
Debian CVE
Debian CVE
added 2026/02/27 4:56 a.m.7 views

CVE-2026-28370

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

9.1CVSS8.7AI score0.00763EPSS
Exploits2
CVE
CVE
added 2026/02/27 4:56 a.m.34 views

CVE-2026-28370

OpenStack Vitrage suffers a remote code execution risk in the query parser. In versions prior to 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user with API access can trigger code execution on the Vitrage service host as the service user through the _create_query_function path in vitrage/graph/query.py....

9.1CVSS6AI score0.00763EPSS
Exploits2References3Affected Software1
UbuntuCve
UbuntuCve
added 2026/02/27 12:0 a.m.4 views

CVE-2026-28370

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

9.1CVSS7.2AI score0.00763EPSS
Exploits2References3
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.9 views

OpenStack Vitrage 安全漏洞

OpenStack Vitrage is an analysis engine developed under the open-source OpenStack framework. Vulnerabilities exist in versions of OpenStack Vitrage prior to 12.0.1, 13.0.0, 14.0.0, and 15.0.0. These vulnerabilities stem from defects in the query parser, which may lead to code execution...

9.1CVSS7.4AI score0.00763EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.12 views

PT-2026-22298

Name of the Vulnerable Software and Affected Versions OpenStack Vitrage versions prior to 12.0.1, 13.0.0, 14.0.0, and 15.0.0 Description A flaw exists in the query parser of OpenStack Vitrage that could allow a user with access to the Vitrage API to trigger code execution on the Vitrage service...

9.1CVSS7.7AI score0.00763EPSS
Exploits2References32
Rows per page
Query Builder