Vulnerabilities in OpenStack
37 resultsCVE-2013-2255—HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-sideEPSS 1.0%CVE-2026-28370CRITICALIn the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger codEPSS 0.8%CVE-2026-43003HIGHAn issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install froEPSS 0.7%CVE-2026-41283CRITICALOpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code executiEPSS 0.7%CVE-2026-48681MEDIUMOpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image.EPSS 0.6%CVE-2022-38065HIGHA privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissivEPSS 0.6%CVE-2026-42510MEDIUMOpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface.EPSS 0.6%CVE-2026-44919MEDIUMIn OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///EPSS 0.5%CVE-2026-22797CRITICALAn issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.1EPSS 0.5%CVE-2026-43001HIGHAn issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied project_id for aEPSS 0.4%CVE-2026-42997HIGHAn issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be senEPSS 0.4%CVE-2026-24708HIGHAn issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a rooEPSS 0.4%CVE-2026-43002MEDIUMAn issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before aEPSS 0.4%CVE-2026-50589MEDIUMIn OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JEPSS 0.4%CVE-2026-44916LOWIn OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing.EPSS 0.3%CVE-2026-49017HIGHIn OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request boEPSS 0.3%CVE-2026-40683HIGHIn OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enableEPSS 0.3%CVE-2026-42998MEDIUMAn issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that EPSS 0.3%CVE-2026-49299MEDIUMIn OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defiEPSS 0.3%CVE-2026-54421MEDIUMIn OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can returnEPSS 0.3%