CVE-2026-24708: CWE-669 Incorrect Resource Transfer Between Spheres in OpenStack Nova
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected.
AI Analysis
Technical Summary
CVE-2026-24708 is a vulnerability classified under CWE-669 (Incorrect Resource Transfer Between Spheres) affecting OpenStack Nova before 30.2.2, 31.x before 31.2.1, and 32.x before 32.1.1. The flaw occurs only on compute nodes configured with the Flat image backend (use_cow_images=False), which stores instance disks as raw files. An attacker able to write a malicious QCOW image header to a root or ephemeral disk can then trigger a resize operation. During the resize, Nova calls the qemu-img tool without pinning the image format, so qemu-img probes the format from the attacker-controlled header instead of treating the disk as raw, and the resize acts on whatever that forged header describes. This unsafe operation can corrupt or destroy data on the host system, affecting the integrity and availability of the host. The vulnerability requires low privileges (a user capable of writing to the disk image) but does not require user interaction. The CVSS v3.1 score is 8.2 (high), reflecting a network attack vector, high impact on integrity and availability, and low privileges required. No public exploits are known at this time. The vulnerability highlights a critical flaw in how Nova handles image resizing with the Flat backend, which is less commonly used but still present in some deployments. The issue is mitigated by upgrading to a patched version (30.2.2, 31.2.1, 32.1.1 or later) or by configuring Nova to use copy-on-write images (use_cow_images=True), which avoids the unsafe code path.
Potential Impact
For European organizations, this vulnerability poses a significant risk to cloud infrastructure relying on OpenStack Nova with the Flat image backend. Successful exploitation can lead to destruction or corruption of host data, resulting in service outages, data loss, and potential downtime for critical applications. This can affect cloud service providers, enterprises running private clouds, and research institutions using OpenStack. The integrity and availability of compute nodes are directly threatened, potentially impacting multi-tenant environments and causing cascading failures. Given the high CVSS score and the critical role of compute nodes, the operational impact can be severe. Additionally, recovery from data destruction may require extensive restoration efforts, increasing operational costs. Organizations in sectors with strict data integrity and availability requirements, such as finance, healthcare, and government, are particularly vulnerable. The lack of known exploits provides a window for proactive mitigation, but the potential for future exploitation remains.
Mitigation Recommendations
1. Upgrade OpenStack Nova to versions 30.2.2, 31.2.1, 32.1.1 or later, where the vulnerability is patched.
2. If an immediate upgrade is not feasible, reconfigure compute nodes to enable copy-on-write images by setting use_cow_images=True, which avoids the vulnerable Flat image backend code path.
3. Restrict write access to root and ephemeral disk images to trusted users only, minimizing the risk of malicious QCOW header injection.
4. Monitor and audit image resize operations and logs for unusual activity that could indicate exploitation attempts.
5. Implement strict network segmentation and access controls on compute nodes to limit exposure.
6. Regularly review and update security policies around image management and resizing procedures.
7. Consider deploying runtime integrity monitoring on compute nodes to detect unexpected file system or disk image modifications.
8. Educate cloud administrators about the risks of using the Flat image backend and encourage migration to safer configurations.
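Added example (not Nova's or the advisory's own code) illustrating items 4 and 7 above from the defender's side: a scan that flags Flat-backend disk files whose first bytes carry a QCOW header, and the qemu-img resize invocation with the format pinned to raw beside the format-probing form the advisory describes as unsafe. The instances-directory layout and the disk file names (disk, disk.local, disk.eph0) are assumptions; the sample tree is constructed in a temp directory.

```python
import os
import struct
import tempfile

# QCOW-family magic ("QFI\xfb") + big-endian version: 1=qcow, 2=qcow2, 3=qcow2 v3
QCOW_MAGIC = b"QFI\xfb"


def qcow_header_version(path):
    """Version claimed by a QCOW header at offset 0, or None when the file
    does not start with the magic (a genuinely raw disk)."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    if len(head) < 8 or head[:4] != QCOW_MAGIC:
        return None
    return struct.unpack(">I", head[4:8])[0]


def scan_raw_disks(instances_dir, names=("disk", "disk.local", "disk.eph0")):
    """List (path, version) for every Flat-backend disk file under
    instances_dir that carries a QCOW header. File names are assumed."""
    findings = []
    for root, _dirs, files in os.walk(instances_dir):
        for name in sorted(files):
            if name in names:
                version = qcow_header_version(os.path.join(root, name))
                if version is not None:
                    findings.append((os.path.join(root, name), version))
    return findings


def resize_argv(path, size_bytes, pin_format=True):
    """qemu-img resize argv. pin_format=True is the hardened form (-f raw, so
    the header is never probed); False is the probing call the advisory calls unsafe."""
    argv = ["qemu-img", "resize"]
    if pin_format:
        argv += ["-f", "raw"]
    return argv + [path, str(size_bytes)]


def build_sample_tree():
    """Constructed fixture: one instance dir with a clean raw root disk and one
    with an ephemeral disk whose first bytes are a qcow2 v3 header."""
    base = tempfile.mkdtemp(prefix="nova-flat-")
    for inst, name, head in (("inst-clean", "disk", b"\x00" * 8),
                             ("inst-tainted", "disk.local",
                              QCOW_MAGIC + struct.pack(">I", 3))):
        os.mkdir(os.path.join(base, inst))
        with open(os.path.join(base, inst, name), "wb") as fh:
            fh.write(head + b"\x00" * 56)
    return base
```

The scan is a detective control only; pinning `-f raw` on every qemu-img call against a Flat-backend disk is the code-level fix, and the upgrade remains the actual remediation.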
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2026-01-24T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6996fb4b8fb9188dea8c0ded
Added to database: 2/19/2026, 12:00:11 PM
Last enriched: 2/19/2026, 12:10:23 PM
Last updated: 2/20/2026, 9:48:56 PM