Path Traversal Vulnerability in Canonical MicroCeph by Canonical
CVE-2026-10720

5.1MEDIUM

Key Information:

Vendor: Canonical
Status: Microceph
Vendor: CVE Published:; 19 June 2026

What is CVE-2026-10720?

The Canonical MicroCeph software is vulnerable to a path traversal issue through its remote-import API, allowing users with a trusted cluster mTLS certificate or join token to manipulate files within an imported remote cluster. This vulnerability can lead to unwanted alteration of critical files in the /var/snap/microceph confinement, resulting in potential disruption of daemon processes and a polluted cluster state.

Affected Version(s)

Microceph Linux 19.2.1+snap74c0060321 < 19.2.3+snapcf306793a4

Microceph Linux 20.0.0 < 20.2.0+snapbe4e67380e

References

https://github.com/canonical/microceph/pull/758

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2026
Vulnerability Reserved
Jun 2, 2026

Credit

Owais Lone

CVE-2026-10720 Data

JSON