CVE Alert

CVE-2026-24708

HIGH 8.2
CVSS Score: 8.2
EPSS Score: 0.0%
EPSS Percentile: 0th

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected.

CWE: CWE-669
Vendor: openstack
Product: nova
Published: Feb 18, 2026
Last Updated: Feb 21, 2026
CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: None
Integrity: High
Availability: High

Affected Versions

OpenStack / Nova
0 < 30.2.2
31.0.0 < 31.2.1
32.0.0 < 32.1.1

References

bugs.launchpad.net: https://bugs.launchpad.net/nova/+bug/2137507
openwall.com: https://www.openwall.com/lists/oss-security/2026/02/17/7
lists.debian.org: https://lists.debian.org/debian-lts-announce/2026/02/msg00025.html