CVE-2026-10720

UNKNOWN 0.0

MicroCeph path traversal issue in the remote-import API

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate (such as enrolled cluster members) or join token can manipulate files in an imported remote cluster within the /var/snap/microceph confinement. This would allow daemon disruption and pollution of the cluster state.

CWE	CWE-23
Vendor	canonical
Product	microceph
Ecosystems	Linux
Industries	Technology
Published	Jun 19, 2026

Stay Ahead of the Next One

Get instant alerts for canonical microceph

Be the first to know when new unknown vulnerabilities affecting canonical microceph are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Canonical / Microceph

19.2.1+snap74c0060321 < 19.2.3+snapcf306793a4 20.0.0 < 20.2.0+snapbe4e67380e

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/canonical/microceph/pull/758

Credits

Owais Lone