CVE-2026-46448
Publication date 16 June 2026
Last updated 25 June 2026
Ubuntu priority
Description
In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| nova | 26.04 LTS resolute |
Fixed 3:33.0.0-0ubuntu3.1
|
| 25.10 questing |
Fixed 3:32.0.0-0ubuntu1.3
|
|
| 24.04 LTS noble |
Fixed 3:29.2.0-0ubuntu1.7
|
|
| 22.04 LTS jammy |
Fixed 3:25.2.1-0ubuntu2.11
|
|
| 20.04 LTS focal |
Vulnerable
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
Severity score breakdown
CVSS version: CVSS v3.0
Base score
5.4 · Medium
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L