CVE-2026-10720

Vulnerability Description

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate (such as enrolled cluster members) or join token can manipulate files in an imported remote cluster within the /var/snap/microceph confinement. This would allow daemon disruption and pollution of the cluster state.

Vulnerability Details

Published Date

June 19, 2026

Last Modified

June 19, 2026

CWE ID

CWE-23

Source

NVD

Vendor

Canonical

Product

Microceph

External References

https://github.com/canonical/microceph/pull/758

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment