Browse all 21 CVE security advisories affecting OpenStack. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OpenStack is an open-source cloud computing platform primarily used for building and managing private and public clouds. Historically, it has been susceptible to various vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with 20 CVEs currently documented. The platform's complex, modular architecture introduces multiple attack surfaces. Notable security characteristics include its extensive permission model and isolation mechanisms, though misconfigurations remain a common risk. While no major public security incidents have been widely reported, the platform's widespread adoption in enterprise environments makes it a persistent target for attackers seeking to exploit vulnerabilities in its core services and APIs.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-44916 | OpenStack Ironic 35.x sandbox bypass vulnerability — Ironic, CWE-1336 | 3.0 | Low | 2026-05-08 |
| CVE-2026-42997 | OpenStack Ironic authentication bypass vulnerability in multiple versions — Ironic, CWE-669 | 7.7 | High | 2026-05-05 |
| CVE-2026-42510 | OpenStack Ironic security vulnerability — Ironic, CWE-829 | 6.6 | Medium | 2026-04-28 |
| CVE-2025-44021 | OpenStack Ironic security vulnerability — Ironic, CWE-22 | 2.8 | Low | 2025-05-08 |
This page lists every published CVE security advisory associated with OpenStack. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.