New: Corgea AI Pentesting — autonomous penetration testing in hours, not weeks
MEDIUM 5.4 PyPI

OpenStack Nova: Nova scheduler hint injection bypasses Placement resource claims and scheduling constraints

GHSA-mfg3-p6m3-gjgr · CVE-2026-46448

Published · Modified

Description

Affects

  • Nova: >=18.0.0 <31.3.1, >=32.0.0 <32.2.1, >=33.0.0 <33.0.2

Description

Erichen from the Institute of Computing Technology, Chinese Academy of
Sciences reported that Nova's server create API does not strip internal
scheduler hints. An authenticated user can bypass Placement resource
claims and scheduling constraint enforcement, including availability
zone, host aggregate, and image trait restrictions. The resulting
instance has no Placement allocation, which can lead to compute node
resource exhaustion and cross-tenant data persistence on NVMe devices
after instance deletion. Deployments running Nova 18.0.0 or later are
affected.

Patches

Credits

  • Erichen from Institute of Computing Technology, Chinese Academy of
    Sciences (CVE-2026-46448)

Ready to move

Start Securing

Free, no credit card | First findings in minutes