CVE-2026-10720

Summary

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate (such as enrolled cluster members) or join token can manipulate files in an imported remote cluster within the /var/snap/microceph confinement. This would allow daemon disruption and pollution of the cluster state.

Affected Software

VendorProductVersion RangeStatus
CanonicalMicroceph19.2.1+snap74c0060321 < 19.2.3+snapcf306793a4affected
CanonicalMicroceph20.0.0 < 20.2.0+snapbe4e67380eaffected

Weaknesses

  • CWE-23: CWE-23 Relative path traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References