Vulnerability Details CVE-2026-46448
In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 18.9%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2026-46448
-
cpe:2.3:a:openstack:nova:*
-
cpe:2.3:a:openstack:nova:18.0.0
-
cpe:2.3:a:openstack:nova:18.0.1
-
cpe:2.3:a:openstack:nova:18.0.2
-
cpe:2.3:a:openstack:nova:18.0.3
-
cpe:2.3:a:openstack:nova:18.1.0
-
cpe:2.3:a:openstack:nova:18.2.0
-
cpe:2.3:a:openstack:nova:18.2.1
-
cpe:2.3:a:openstack:nova:18.2.2
-
cpe:2.3:a:openstack:nova:18.2.3
-
cpe:2.3:a:openstack:nova:18.2.4
-
cpe:2.3:a:openstack:nova:19.0.0
-
cpe:2.3:a:openstack:nova:19.0.1
-
cpe:2.3:a:openstack:nova:19.0.2
-
cpe:2.3:a:openstack:nova:19.0.3
-
cpe:2.3:a:openstack:nova:19.1.0
-
cpe:2.3:a:openstack:nova:19.3.1
-
cpe:2.3:a:openstack:nova:20.0.0
-
cpe:2.3:a:openstack:nova:20.1.0
-
cpe:2.3:a:openstack:nova:20.3.1
-
cpe:2.3:a:openstack:nova:21.0.0
-
cpe:2.3:a:openstack:nova:21.2.3
-
cpe:2.3:a:openstack:nova:22.0.0
-
cpe:2.3:a:openstack:nova:22.2.3
-
cpe:2.3:a:openstack:nova:23.0.0
-
cpe:2.3:a:openstack:nova:23.0.3
-
cpe:2.3:a:openstack:nova:23.2.1
-
cpe:2.3:a:openstack:nova:23.2.2
-
cpe:2.3:a:openstack:nova:24.0.0
-
cpe:2.3:a:openstack:nova:24.1.1
-
cpe:2.3:a:openstack:nova:24.1.2
-
cpe:2.3:a:openstack:nova:25.0.0
-
cpe:2.3:a:openstack:nova:25.0.1
-
cpe:2.3:a:openstack:nova:25.0.2
-
cpe:2.3:a:openstack:nova:27.3.1
-
cpe:2.3:a:openstack:nova:27.4.0
-
cpe:2.3:a:openstack:nova:27.4.1
-
cpe:2.3:a:openstack:nova:28.0.0
-
cpe:2.3:a:openstack:nova:28.1.1
-
cpe:2.3:a:openstack:nova:28.2.0
-
cpe:2.3:a:openstack:nova:28.2.1
-
cpe:2.3:a:openstack:nova:29.0.0
-
cpe:2.3:a:openstack:nova:29.0.1
-
cpe:2.3:a:openstack:nova:29.0.2
-
cpe:2.3:a:openstack:nova:29.0.3
-
cpe:2.3:a:openstack:nova:29.1.0
-
cpe:2.3:a:openstack:nova:29.1.1