CVE-2026-24708

CWE-669 | CWE-73 | 10 documents | 9 sources
Severity: 8.2 HIGH
EPSS: 0.1% (top 81.29%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: see Affected Packages below
Timeline: Published 2026-02-18

Description

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected.
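The mechanism described above, as an added example rather than Nova's own code: on a Flat backend every root and ephemeral disk is raw, but if `qemu-img resize` is invoked without `-f`, qemu-img probes the file and will treat a tenant-written QCOW header as a real QCOW image, with whatever that header points at. The block below contrasts the unsafe command shape with one that pins the format to raw, adds a pre-resize check that refuses a "raw" disk whose first bytes are a QCOW header, and includes a sweep over an instances directory for existing disks in that state. The directory layout, file names and the minimal header in the constructed sample are illustrative assumptions; pinning `-f raw` is the generic hardening, and the page does not state that this is exactly how upstream fixed it.

```python
import os
import struct
import tempfile
from typing import Dict, List

# First four bytes of every QCOW/QCOW2 header. On a Flat-backend compute node
# (use_cow_images=False) root and ephemeral disks are raw, so this magic at
# offset 0 is tenant-written content, not a legitimate image format.
QCOW_MAGIC = b"QFI\xfb"


def looks_like_qcow(path: str) -> bool:
    """True if qemu-img's format probe would classify this file as QCOW."""
    with open(path, "rb") as f:
        return f.read(4) == QCOW_MAGIC


def resize_cmd_unsafe(path: str, size: str) -> List[str]:
    """Vulnerable shape: no -f, so qemu-img probes the format itself and
    honours whatever header the tenant wrote into the raw disk."""
    return ["qemu-img", "resize", path, size]


def resize_cmd_pinned(path: str, size: str, fmt: str = "raw") -> List[str]:
    """Hardened shape: the backend already knows the format, so pass it.
    With -f raw the header bytes are ordinary disk content and no backing
    file named inside them is ever opened."""
    return ["qemu-img", "resize", "-f", fmt, path, size]


def plan_resize(path: str, size: str) -> List[str]:
    """Belt and braces for a Flat backend: refuse a disk that already carries
    a QCOW header, otherwise build the resize with the format pinned to raw."""
    if looks_like_qcow(path):
        raise ValueError(f"{path}: raw disk carries a QCOW header; refusing to resize")
    return resize_cmd_pinned(path, size, "raw")


def scan_disks(directory: str) -> List[str]:
    """Incident-response sweep: list files under a Flat backend's instances
    directory whose first bytes are a QCOW header."""
    hits = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            p = os.path.join(root, name)
            if os.path.getsize(p) >= 4 and looks_like_qcow(p):
                hits.append(p)
    return sorted(hits)


def make_sample_disks(directory: str):
    """Constructed sample input: a genuine raw disk and a raw disk whose first
    bytes were overwritten with a minimal QCOW2 header (magic + version 3).
    The instances/<uuid>/disk layout and the uuids are illustrative."""
    raw_dir = os.path.join(directory, "instances", "aaaa-1111")
    evil_dir = os.path.join(directory, "instances", "bbbb-2222")
    os.makedirs(raw_dir)
    os.makedirs(evil_dir)
    raw = os.path.join(raw_dir, "disk")
    evil = os.path.join(evil_dir, "disk")
    with open(raw, "wb") as f:
        f.write(b"\x00" * 4096)
    with open(evil, "wb") as f:
        f.write((QCOW_MAGIC + struct.pack(">I", 3)).ljust(4096, b"\x00"))
    return raw, evil


def demo() -> Dict[str, object]:
    """Build the sample disks in a temp dir and exercise the checks."""
    with tempfile.TemporaryDirectory() as d:
        raw, evil = make_sample_disks(d)
        refused = False
        try:
            plan_resize(evil, "20G")
        except ValueError:
            refused = True
        return {
            "raw_is_qcow": looks_like_qcow(raw),
            "evil_is_qcow": looks_like_qcow(evil),
            "unsafe_cmd_has_format_flag": "-f" in resize_cmd_unsafe(raw, "20G"),
            "pinned_cmd_prefix": resize_cmd_pinned(raw, "20G")[:4],
            "evil_refused": refused,
            "suspicious_count": len(scan_disks(d)),
            "suspicious_is_evil": scan_disks(d) == [evil],
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The block never runs qemu-img; it only builds the argument vectors so the two shapes can be compared side by side. The magic-byte check is a cheap pre-flight and audit aid, not a substitute for upgrading to a fixed Nova release: a tenant can write the header at any time after the check, which is why the format must be pinned on every qemu-img invocation the backend makes.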

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
Exploitability: 1.8 | Impact: 5.8

Affected Packages (4 packages)

Source     Package         Affected from          Fixed in     Notes
CVEListV5  openstack/nova  31.0.0                 31.2.1       +2 more ranges
Debian     nova            < 2:22.4.0-1~deb11u7                +3 more ranges
PyPI       Nova            32.0.0.0rc1            32.1.0       +2 more ranges
PyPI       nova            32.0.0.0rc1            32.1.0       +2 more ranges

🔴 Vulnerability Details (4)

OSV      CVE-2026-24708: An issue was discovered in OpenStack Nova before 30...     2026-02-18
CVEList  CVE-2026-24708: An issue was discovered in OpenStack Nova before 30...     2026-02-18
GHSA     OpenStack Nova calls qemu-img without format restrictions for resize      2026-02-18
OSV      OpenStack Nova calls qemu-img without format restrictions for resize      2026-02-18

📋 Vendor Advisories (3)

Red Hat  openstack-nova-compute: Arbitrary Host File Overwrite via Unconstrained qemu-img Format Handling in OpenStack Nova   2026-02-17
Ubuntu   Nova vulnerability                                                                                                   2026-02-17
Debian   CVE-2026-24708: nova - An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 3...            2026

🕵️ Threat Intelligence (1)

Wiz      CVE-2026-24708 Impact, Exploitability, and Mitigation Steps | Wiz

💬 Community (1)

Bugzilla  CVE-2026-24708 openstack-nova-compute: Arbitrary Host File Overwrite via Unconstrained qemu-img Format Handling in OpenStack Nova   2026-01-16

Page: CVE-2026-24708 (HIGH CVSS 8.2) | cvebase.io