Red Hat Product Errata
RHSA-2026:7884 - Security Advisory
Issued: 2026-04-29
Updated: 2026-04-29

Synopsis
Important: Red Hat OpenStack Services on OpenShift 18.0.18 (openstack-nova) security update

Type/Severity
Security Advisory: Important

Topic
An update for openstack-nova is now available for Red Hat OpenStack Services on OpenShift 18.0.18 (Antelope).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
OpenStack Compute (nova) is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances, managing networks, and controlling access through users and projects. OpenStack Compute strives to be both hardware and hypervisor agnostic, currently supporting a variety of standard hardware configurations and seven major hypervisors.

Security Fix(es):
Arbitrary Host File Overwrite via Unconstrained qemu-img Format Handling in OpenStack Nova (CVE-2026-24708)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

Affected Products
Red Hat OpenStack Services on OpenShift 18.0 x86_64

Fixes
BZ - 2430312 - CVE-2026-24708 openstack-nova-compute: Arbitrary Host File Overwrite via Unconstrained qemu-img Format Handling in OpenStack Nova

CVEs
CVE-2026-24708

References
https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

Red Hat OpenStack Services on OpenShift 18.0

SRPM
openstack-nova-27.5.2-18.0.20260312122217.c1c6d67.el9ost.src.rpm SHA-256: 421f0f14c82dda49475271c443116e966b3a38177a731c155b6bd48d497e1488

x86_64
openstack-nova-27.5.2-18.0.20260312122217.c1c6d67.el9ost.noarch.rpm SHA-256: a0f0f07a340f642386919130c5611b6e1c069ad8715953e9a8a0f70b45576376
openstack-nova-api-27.5.2-18.0.20260312122217.c1c6d67.el9ost.noarch.rpm SHA-256: de3bbced2dab7ee1d7aadb2a8aec286665d282ba220d4f6edf452fb2b61f6d15
openstack-nova-common-27.5.2-18.0.20260312122217.c1c6d67.el9ost.noarch.rpm SHA-256: 335a6744ee709821856c6cc6f536df1deaf8b3fcbe0ff914ac8f47c66a0b3878
openstack-nova-compute-27.5.2-18.0.20260312122217.c1c6d67.el9ost.noarch.rpm SHA-256: 1d238378175cd1b4d5fff54e6818bb439e3f4719cc5ea1434ffcadf9448922cd
openstack-nova-conductor-27.5.2-18.0.20260312122217.c1c6d67.el9ost.noarch.rpm SHA-256: e3c11d7c532769762e3af3d8099532032b15088fcdbecbd72ac5ead25c911f1b
openstack-nova-migration-27.5.2-18.0.20260312122217.c1c6d67.el9ost.noarch.rpm SHA-256: ac50bc6ba05f34c76b7911b74d302f15c0edec931e96fe3fc9d42ad2ab96792f
openstack-nova-novncproxy-27.5.2-18.0.20260312122217.c1c6d67.el9ost.noarch.rpm SHA-256: db33365356a6037183a204ed0c97ca4f9e4d4fbfe6487d764d30b80fdf7153c7
openstack-nova-scheduler-27.5.2-18.0.20260312122217.c1c6d67.el9ost.noarch.rpm SHA-256: c59be468e141dc8480296209dbded587684288ed5060b60895dd19615cf2aa3a
openstack-nova-serialproxy-27.5.2-18.0.20260312122217.c1c6d67.el9ost.noarch.rpm SHA-256: 3be615bd2eba6fff2c7c4b1ab4314f7589c7a6fbffa39181adc52e2e9d0c2349
openstack-nova-spicehtml5proxy-27.5.2-18.0.20260312122217.c1c6d67.el9ost.noarch.rpm SHA-256: bca583d5fb5c26e91e561e54afff6d3c1e54332590098ca56ca4bb9d0180ef49
python3-nova-27.5.2-18.0.20260312122217.c1c6d67.el9ost.noarch.rpm SHA-256: 728731e593a390dcd7505272a62308695bab63884e1a788cae2bf0d1abfaa55e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

This Important security update addresses CVE-2026-24708 (CVSS 8.2 HIGH), a vulnerability in OpenStack Nova where unconstrained `qemu-img` format handling allows for arbitrary host file overwrite. The flaw affects Red Hat OpenStack Services on OpenShift (RHOSO) 18.0.18 (Antelope), and the remediation is to apply the provided update, which includes packages such as `openstack-nova-27.5.2-18.0.20260312122217.c1c6d67.el9ost`.