OpenStack Nova CVE-2026-24708
Severity (by source): HIGH
CVSS vector (vendor: mitre): CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
Primary rating from vendor (mitre).
Description (CVE.org)
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected.
Analysis (AI-generated)
OpenStack Nova compute nodes using the Flat image backend can have host data destroyed when an authenticated user plants a malicious QCOW header in a root or ephemeral disk image and then triggers a resize: the Flat backend invokes qemu-img without restricting the input format, so qemu-img probes the planted header instead of treating the disk as raw, and the resulting resize is unsafe. Affected versions are Nova before 30.2.2, 31.x before 31.2.1, and 32.x before 32.1.1; the fixed releases are 30.2.2, 31.2.1 and 32.1.1 respectively. Compute nodes using the CoW backend (use_cow_images=True, the default) are not affected. …
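The description and the analysis above both turn on one qemu-img behaviour: when no input format is given, qemu-img probes the first bytes of the file, so a QCOW header that a guest writes into its own raw disk is honoured on the host. The following is an added example, not Nova's code and not vuln.today's: it builds a constructed "raw" disk that carries a qcow2 header with a backing-file pointer, shows the check an operator can run against a disk to spot such a header, and contrasts the unrestricted qemu-img resize invocation with one that pins the format to raw. The backing path, sizes and the pinned-format argv are illustrative assumptions; they are not the project's actual patch.

```python
"""Added example (not Nova's or vuln.today's code): how a QCOW header planted in
a supposedly raw disk is detected, and why the qemu-img invocation must pin the
input format.  Paths and sizes below are constructed for the demonstration."""
import os
import struct
import tempfile

QCOW_MAGIC = b"QFI\xfb"          # 0x514649fb, shared by QCOW v1, v2 and v3
# Header fields at the same offsets in every QCOW version (all big-endian):
#   0: magic (4)  4: version (u32)  8: backing_file_offset (u64)  16: backing_file_size (u32)
HEADER_PREFIX = struct.Struct(">4sIQI")


def parse_qcow_header(data):
    """Return (version, backing_file_or_None) if data starts with a QCOW header, else None."""
    if len(data) < HEADER_PREFIX.size or data[:4] != QCOW_MAGIC:
        return None
    _, version, bf_off, bf_len = HEADER_PREFIX.unpack_from(data)
    backing = None
    if bf_len and bf_off + bf_len <= len(data):
        backing = data[bf_off:bf_off + bf_len].decode("utf-8", "replace")
    return version, backing


def raw_disk_is_poisoned(path):
    """True if a disk that Nova treats as raw starts with a QCOW header.
    qemu-img auto-detects the format from exactly these bytes when no -f is given."""
    with open(path, "rb") as fh:
        return parse_qcow_header(fh.read(4096)) is not None


def build_resize_cmd(path, new_size, input_format=None):
    """argv for the resize.  Without input_format qemu-img probes the file and
    honours a planted header (the unsafe case described by the CVE); with
    input_format="raw" the header bytes are treated as ordinary guest data.
    Illustrative hardening direction, not Nova's actual fix."""
    cmd = ["qemu-img", "resize"]
    if input_format:
        cmd += ["-f", input_format]
    return cmd + [path, new_size]


def write_poisoned_raw_disk(path, backing_file, disk_bytes=64 * 1024):
    """Constructed sample: guest-controlled content that is a valid qcow2 v2
    header whose backing-file pointer names a host path."""
    bf = backing_file.encode()
    header = struct.pack(
        ">4sIQIIQIIQQIIQ",
        QCOW_MAGIC, 2,             # magic, version
        72, len(bf),               # backing_file_offset (right after the 72-byte header), backing_file_size
        16, 1 << 30,               # cluster_bits, virtual size
        0, 1, 0,                   # crypt_method, l1_size, l1_table_offset
        0, 0,                      # refcount_table_offset, refcount_table_clusters
        0, 0,                      # nb_snapshots, snapshots_offset
    )
    with open(path, "wb") as fh:
        fh.write(header + bf)
        fh.truncate(disk_bytes)    # rest of the "raw" disk is zeros


def demo():
    """Build one poisoned and one clean raw disk in a temp dir and report what the checks say."""
    with tempfile.TemporaryDirectory() as tmp:
        poisoned = os.path.join(tmp, "disk")
        clean = os.path.join(tmp, "disk.clean")
        # Hypothetical host path an attacker might aim at; purely illustrative.
        write_poisoned_raw_disk(poisoned, "/var/lib/nova/instances/_base/some-host-file")
        with open(clean, "wb") as fh:
            fh.truncate(64 * 1024)
        with open(poisoned, "rb") as fh:
            header = parse_qcow_header(fh.read(4096))
        return {
            "poisoned_detected": raw_disk_is_poisoned(poisoned),
            "clean_detected": raw_disk_is_poisoned(clean),
            "planted_header": header,
            "unsafe_cmd": build_resize_cmd(poisoned, "20G"),
            "safe_cmd": build_resize_cmd(poisoned, "20G", input_format="raw"),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The detection function only reads the first 4 KiB and matches the magic, which is exactly what qemu-img's probe keys on; the backing-file string is decoded so an operator can see what host path a planted header points at. Nothing here executes qemu-img: the two argv lists are returned so the difference (the absence or presence of `-f raw`) is visible without touching real disks.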
Vulnerability Assessment (AI-generated)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Requires a Nova compute node configured with the Flat image backend (use_cow_images=False) and an authenticated user able to write to a root or ephemeral disk and trigger a resize. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | CVSS 8.2 (HIGH): network-reachable, low privileges, no user interaction, scope change, high integrity and availability impact, no confidentiality impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated user writes a malicious QCOW header into a root or ephemeral disk and requests a resize; the Flat image backend then calls qemu-img without a format restriction, so qemu-img honours the planted header instead of treating the disk as raw, and the resulting unsafe resize can destroy data on the host. |
| Remediation | Upgrade to the fixed releases named in the description (30.2.2, 31.2.1, 32.1.1); until then, prefer the CoW backend where possible and monitor vendor advisories. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended Action (AI-generated)
Within 24 hours: Inventory all OpenStack Nova deployments and identify compute nodes running an affected version (before 30.2.2, 31.x before 31.2.1, 32.x before 32.1.1) with the Flat image backend (use_cow_images=False); establish incident response readiness. …
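The inventory step above needs two facts per compute node: the installed Nova version and whether the Flat backend is in use. The following triage helper is an added example (not Nova's or vuln.today's code) that encodes the affected ranges from the CVE description and reads the backend setting from nova.conf. It assumes `use_cow_images` lives in nova.conf's `[DEFAULT]` section with a default of True, treats releases older than the 30 series as unfixed, and assumes any series newer than 32 carries the fix; the sample config is constructed.

```python
"""Added example (not Nova's or vuln.today's code): decide whether a compute
node is in scope for CVE-2026-24708 from the installed Nova version and its
nova.conf."""
import configparser

# First fixed release per affected series, taken from the CVE description.
FIXED_IN = {30: (30, 2, 2), 31: (31, 2, 1), 32: (32, 1, 1)}


def parse_version(version):
    """'30.2.1' -> (30, 2, 1).  A trailing suffix such as '.dev4' is dropped
    (assumption: such builds are compared on their numeric prefix only)."""
    parts = []
    for piece in version.strip().split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    if not parts:
        raise ValueError(f"unparseable Nova version: {version!r}")
    return tuple(parts)


def version_is_vulnerable(version):
    """Affected ranges from the description: before 30.2.2, 31 before 31.2.1,
    32 before 32.1.1.  Assumptions: anything older than the 30 series is
    vulnerable (no fix listed for it); series newer than 32 carry the fix."""
    v = parse_version(version)
    major = v[0]
    if major < 30:
        return True
    if major > 32:
        return False
    return v < FIXED_IN[major]


def flat_backend_enabled(nova_conf_text):
    """The Flat backend is the one the description ties to use_cow_images=False.
    Assumption: the option is read from [DEFAULT] and defaults to True, so an
    absent setting means the CoW backend, which is not affected."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(nova_conf_text)
    return not cp.getboolean("DEFAULT", "use_cow_images", fallback=True)


def node_is_affected(version, nova_conf_text):
    """Both conditions from the advisory must hold for the node to be in scope."""
    return version_is_vulnerable(version) and flat_backend_enabled(nova_conf_text)


if __name__ == "__main__":
    # Constructed sample config, not taken from any real deployment.
    sample_conf = "[DEFAULT]\nuse_cow_images = False\n\n[libvirt]\nvirt_type = kvm\n"
    for ver in ("29.1.0", "30.2.1", "30.2.2", "31.2.1", "32.0.3"):
        print(ver, "affected" if node_is_affected(ver, sample_conf) else "not affected")
```

Feed it the output of whatever reports the package version on your nodes (for example the version string of the installed nova package) together with the contents of each node's nova.conf; a node whose config never sets `use_cow_images` is reported as not affected because the default backend is CoW.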
External POC / Exploit Code: GHSA-m4f3-qp2w-gwh6