CVE Catalog

CVE-2026-46448

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

18th percentile — higher than 18% of all known CVEs

Summary

A vulnerability in OpenStack Nova before version 33.0.2 allows bypassing Placement allocation during instance creation via the API. The server does not strip certain hint data, resulting in no Placement allocation for the instance.

Risk Assessment

Lack of Placement allocation can lead to uncontrolled resource allocation, potentially causing overload of physical nodes and destabilization of the cloud environment.

Recommendation

It is recommended to immediately upgrade OpenStack Nova to version 33.0.2 or later, which fixes this vulnerability.

Original NVD description (English source)

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS