Description
Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate (such as enrolled cluster members) or join token can manipulate files in an imported remote cluster within the /var/snap/microceph confinement. This would allow daemon disruption and pollution of the cluster state.
Published: 2026-06-19
Score: 5.1 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Canonical MicroCeph versions from the squid and tentacle tracks are vulnerable to a relative path traversal flaw (CWE-23) in the remote-import API. An attacker who holds a trusted cluster mTLS certificate (for example an enrolled cluster member) or a join token can supply a crafted path while importing a remote cluster and manipulate files within the /var/snap/microceph confinement. The result is disruption of the daemon and pollution of the cluster state.
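The shape of a CWE-23 bug in an import path of this kind, and the check that closes it, as an added Go example that is not MicroCeph's code: the import directory, the remote name parameter and the ceph.conf file layout are assumptions chosen for illustration, and the real API is not reproduced. The point it makes is that the mTLS certificate or join token only authenticates the caller; the name the caller submits still has to be validated before it is joined onto the confinement path.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrBadRemoteName is returned when a caller-supplied remote cluster name
// would escape the import directory.
var ErrBadRemoteName = errors.New("remote name escapes import directory")

// importDir is a hypothetical directory under the snap confinement where
// imported remote cluster files are written. It stands in for whatever
// path the real daemon uses; it is not taken from the MicroCeph source.
const importDir = "/var/snap/microceph/common/remotes"

// vulnerableImportPath mirrors the shape of a CWE-23 bug: the name taken
// from the authenticated API request is joined onto the base directory
// without checking that the result stays inside it. filepath.Join cleans
// the path, so "../../state/db" resolves two levels above the base.
func vulnerableImportPath(name string) string {
	return filepath.Join(importDir, name, "ceph.conf")
}

// safeImportPath validates the remote name before building the path:
// it must be a single path element drawn from an allow-list of
// characters, and the cleaned result must still sit under importDir.
func safeImportPath(name string) (string, error) {
	if name == "" || name == "." || name == ".." ||
		strings.ContainsAny(name, `/\`) || strings.ContainsRune(name, 0) {
		return "", ErrBadRemoteName
	}
	// Allow-list characters typical of cluster names rather than trying
	// to enumerate every dangerous one.
	for _, r := range name {
		ok := (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z') ||
			(r >= '0' && r <= '9') || r == '-' || r == '_'
		if !ok {
			return "", ErrBadRemoteName
		}
	}
	p := filepath.Join(importDir, name, "ceph.conf")
	// Defence in depth: confirm containment after cleaning, so a future
	// change to the checks above cannot silently reopen the hole.
	rel, err := filepath.Rel(importDir, p)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrBadRemoteName
	}
	return p, nil
}

func main() {
	// Constructed inputs: a benign name, a traversal attempt, a nested path.
	for _, name := range []string{"prod-east", "../../state/db", "a/b"} {
		fmt.Printf("vulnerable: %-18q -> %s\n", name, vulnerableImportPath(name))
		if p, err := safeImportPath(name); err != nil {
			fmt.Printf("safe:       %-18q -> rejected (%v)\n", name, err)
		} else {
			fmt.Printf("safe:       %-18q -> %s\n", name, p)
		}
	}
}
```

Run with `go run`: the vulnerable join turns "../../state/db" into /var/snap/microceph/state/db/ceph.conf, a write target outside the remotes directory but still inside the snap confinement, which is exactly the blast radius the advisory describes. The hardened version rejects it before any path is built.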

Affected Systems

The affected products are Canonical MicroCeph on the squid and tentacle tracks. The advisory lists no specific version numbers or fixed releases; treat any release from those tracks that has not received a vendor fix as affected.

Risk and Exploitability

The CVSS v4.0 base score of 5.1 (Medium) reflects a network-reachable API (AV:N) that requires high privileges (PR:H) and specific preconditions (AT:P): the attacker must already hold a trusted cluster mTLS certificate or a join token. Impact on the vulnerable system itself is rated low for integrity and availability (VI:L/VA:L), while the subsequent system, the cluster state of the imported remote, is rated high for both (SI:H/SA:H). No EPSS score has been published yet, which is normal for a freshly assigned CVE and says nothing about how likely exploitation is. The flaw is not remote-anonymous, but any enrolled member, or anyone who obtains a join token, can trigger it. The vulnerability is not listed in the CISA KEV catalog, so no active exploitation was known at the time of this analysis.

Generated by OpenCVE AI on June 19, 2026 at 07:22 UTC.

Remediation

No vendor fix or workaround is currently listed.

OpenCVE Recommended Actions

  • Apply any available MicroCeph patch or upgrade to a version that removes the path traversal flaw.
  • Treat cluster mTLS certificates and join tokens as privileged credentials: issue join tokens only while a specific node is being enrolled, discard them once used, and restrict network access to the cluster API to trusted nodes.
  • Monitor the /var/snap/microceph directory for unexpected file modifications and audit remote-import requests for names containing path separators or ".." components.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 06:15:00 +0000

Values added (nothing removed):

  • Description: Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate (such as enrolled cluster members) or join token can manipulate files in an imported remote cluster within the /var/snap/microceph confinement. This would allow daemon disruption and pollution of the cluster state.
  • Title: MicroCeph path traversal issue in the remote-import API
  • Weaknesses: CWE-23
  • References: none recorded
  • Metrics: cvssV4_0, score 5.1, vector CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:H/SA:H

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: canonical

Published:

Updated: 2026-06-19T04:57:48.741Z

Reserved: 2026-06-02T22:29:08.534Z

Link: CVE-2026-10720

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-19T07:30:16Z

Weaknesses
  • CWE-23: Relative Path Traversal