Vulnerability in OpenStack Nova's Image Resizing Functionality
CVE-2026-24708

8.2HIGH

Key Information:

Vendor: Openstack
Status: Nova
Vendor: CVE Published:; 18 February 2026

What is CVE-2026-24708?

A vulnerability exists in OpenStack Nova that allows a user to exploit the image resizing functionality. By crafting a malicious QCOW header for a root or ephemeral disk and initiating a resize, an unauthorized user may trick Nova's Flat image backend into invoking qemu-img without necessary format restrictions. This could lead to unsafe image resize operations, potentially resulting in data loss on the host system. The vulnerability affects only those compute nodes configured with the Flat image backend, specifically when 'use_cow_images' is set to false.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Nova 0 < 30.2.2

Nova 31.0.0 < 31.2.1

Nova 32.0.0 < 32.1.1

References

https://bugs.launchpad.net/nova/+bug/2137507

https://www.openwall.com/lists/oss-security/2026/02/17/7

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 18, 2026
Vulnerability Reserved
Jan 24, 2026

JSON

Openstack

What is CVE-2026-24708?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.