Skip to main content

OpenStack Nova CVE-2026-24708

HIGH
Incorrect Resource Transfer Between Spheres (CWE-669)
2026-02-18 cve@mitre.org GHSA-m4f3-qp2w-gwh6
8.2
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
8.2 HIGH
AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
Red Hat
7.1 HIGH
qualitative

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Feb 18, 2026 - 18:24 nvd
HIGH 8.2

DescriptionCVE.org

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected.

AnalysisAI

OpenStack Nova compute nodes using the Flat image backend can have their host data destroyed when an authenticated user crafts a malicious QCOW header on a disk image and triggers a resize operation, causing qemu-img to execute without format restrictions. Affected versions include Nova before 30.2.2, 31.x before 31.2.1, and 32.x before 32.1.1, with no patch currently available. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to Nova compute tenant
Delivery
Write malicious QCOW header to root/ephemeral disk
Exploit
Trigger instance resize operation
Execution
Nova calls qemu-img without format restriction
Impact
Unsafe image resize destroys host data

Vulnerability AssessmentAI

Exploitation Nova compute node configured with Flat image backend (use_cow_images=False). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 8.2 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker could exploit this flaw, an unsafe image resize operation that could destroy data on.
Remediation Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all OpenStack Nova deployments and identify which systems run versions up to 30.2.2; establish incident response readiness. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

Share

CVE-2026-24708 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy