CVE-2026-46448

OpenStack Nova before 33.0.2 is affected: the server create API does not strip internal _nova-prefixed scheduler hints, causing instances to be created without proper Placement allocation. This can enable resource misallocation and, in worst cases, denial of service through compute-node resource ...