VYPR
Medium severity 5.4 · NVD Advisory · Published Jun 16, 2026 · Updated Jun 16, 2026

CVE-2026-46448

Description

An authenticated user can bypass Placement resource claims and scheduling constraints by injecting the _nova_check_type sentinel value into the Nova server create API.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

In OpenStack Nova before 33.0.2, the server create API does not strip internal scheduler hints, allowing an authenticated attacker to inject the _nova_check_type sentinel value via the os:scheduler_hints property [1][2]. This tricks the scheduler into treating a create request as a rebuild operation, bypassing Placement resource claims entirely [1]. Affected versions include Nova >=18.0.0 <31.3.1, >=32.0.0 <32.2.1, and >=33.0.0 <33.0.2 [2].

Exploitation

An attacker with valid OpenStack credentials can craft a server create request containing {"_nova_check_type": "rebuild"} in the os:scheduler_hints block [1]. The JSON schema for the /servers create API allows additional properties without filtering internal sentinel values prefixed with _nova_, and the user-provided hints are passed directly to the scheduler without stripping [1]. Type coercion in DictOfListOfStringsField transforms the scalar string "rebuild" to the list ['rebuild'], matching the scheduler's explicit check in nova/scheduler/utils.py [1]. No special network position or race condition is required; the attacker only needs API access to create instances.

Impact

Successful exploitation bypasses Placement resource allocation entirely, allowing the attacker to create ghost instances that consume compute host resources without being accounted for in the Placement service [1][2]. This denies resources to legitimate users, can cause compute hosts to crash due to physical resource exhaustion, and circumvents scheduling constraints such as availability zone and host aggregate enforcement [2].

Mitigation

Fixed in Nova 31.3.1, 32.2.1, and 33.0.2 [2]. Users should upgrade to these or later versions immediately. No workaround is available for unpatched deployments. The vulnerability is not currently listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.

AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products (2)

Patches (0)

No patches discovered yet.

Vulnerability mechanics

Root cause

"Unfiltered user-controlled scheduler hints allow injection of the internal `_nova_check_type` sentinel, causing the scheduler to bypass Placement resource claims."

Attack vector

An authenticated attacker (standard tenant permissions) sends a server-create request with the scheduler hint `{"_nova_check_type": "rebuild"}`. Because the JSON schema permits arbitrary `_nova_`-prefixed keys and the scheduler evaluates the token without authorization, the code path treats the operation as a rebuild and skips Placement resource allocation. This bypasses resource constraints, allowing uncontrolled instance creation that consumes host CPU, memory, and disk without Placement accounting.

Affected code

The flaw originates in `nova/api/openstack/compute/schemas/servers.py` where the `os:scheduler_hints` block has `additionalProperties: True` and does not strip internal `_nova_`-prefixed keys. The unfiltered hints are passed through `nova/api/openstack/compute/servers.py` into the RPC worker, and `nova/scheduler/utils.py`'s `request_is_rebuild()` checks `check_type == ['rebuild']` against user-controlled data.

What the fix does

The patch is not yet published; the advisory states no patched version is available. The recommended remediation is to add server-side filtering in the API layer to strip any scheduler-hint key with a `_nova_` prefix before the hints reach the scheduler, and to strengthen the `request_is_rebuild()` check so that it does not trust user-supplied `_nova_check_type`. Without this sanitization, the scheduler cannot distinguish legitimate internal rebuild signals from attacker-injected ones.
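As an added hardening sketch (not Nova's own code and not the published fix), the following Python places the vulnerable trust pattern beside the two remediation steps described above: stripping `_nova_`-prefixed keys at the API layer, and reading the rebuild signal from a server-set field rather than from user hints. The constant `INTERNAL_HINT_PREFIX`, the function names and the spec layout are assumptions; `coerce_hints` only imitates the `DictOfListOfStringsField` coercion the advisory describes.

```python
from typing import Any, Dict, List, Optional, Tuple

# Assumed prefix for Nova-internal scheduler sentinels (illustrative constant,
# not a Nova identifier).
INTERNAL_HINT_PREFIX = "_nova_"


def coerce_hints(hints: Dict[str, Any]) -> Dict[str, List[str]]:
    """Imitate DictOfListOfStringsField coercion: a scalar becomes a one-item list.

    This is the step that turns a user-supplied "rebuild" into ['rebuild'].
    """
    return {k: (list(v) if isinstance(v, list) else [str(v)])
            for k, v in hints.items()}


def request_is_rebuild_unsafe(hints: Dict[str, List[str]]) -> bool:
    """Vulnerable pattern: the sentinel is read straight from user-controlled hints."""
    return hints.get("_nova_check_type") == ["rebuild"]


def sanitize_scheduler_hints(user_hints: Dict[str, Any]) -> Tuple[Dict[str, Any], List[str]]:
    """API-layer filter: drop every internal-prefixed key and report what was dropped.

    The dropped list is returned so the caller can log the attempt for detection.
    """
    dropped = sorted(k for k in user_hints if k.startswith(INTERNAL_HINT_PREFIX))
    clean = {k: v for k, v in user_hints.items() if k not in dropped}
    return clean, dropped


def build_request_spec(user_hints: Dict[str, Any],
                       internal_check_type: Optional[str] = None
                       ) -> Tuple[Dict[str, Any], List[str]]:
    """Build a request spec in which the check type is a separate, server-set field.

    `internal_check_type` is supplied only by server-side code paths (a genuine
    rebuild), never from the request body, so user hints cannot influence it.
    """
    clean, dropped = sanitize_scheduler_hints(user_hints)
    spec = {"scheduler_hints": coerce_hints(clean), "check_type": internal_check_type}
    return spec, dropped


def request_is_rebuild(spec: Dict[str, Any]) -> bool:
    """Hardened check: consult only the server-set field, never the hint dict."""
    return spec.get("check_type") == "rebuild"
```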

Preconditions

  • auth: The attacker must possess a valid Keystone token with standard tenant-level permissions to create instances.
  • config: The OpenStack Nova compute service must be processing incoming API requests.
  • network: The request is an HTTP POST with JSON body to the /v2.1/servers endpoint.

Reproduction

1. Obtain a valid Keystone token, image ID, flavor ID, and network ID.
2. Run the published exploit script from `https://gist.github.com/YLChen-007/8652024c322ab3e9580cc7b3e7363670`: `python3 poc_exploit.py`.
3. Verify the instance is created without a Placement allocation by running `openstack resource provider allocation show <host_uuid>`.

Generated on Jun 16, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References (3)
