CVE-2026-10720 | Canonical MicroCeph versions from the squid and tentacle tra… | CVSS 5.1 MEDIUM

Description

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate (such as enrolled cluster members) or join token can manipulate files in an imported remote cluster within the /var/snap/microceph confinement. This would allow daemon disruption and pollution of the cluster state.

Metadata

CVE ID: CVE-2026-10720
State: PUBLISHED
Assigner: canonical
Reserved: 2026-06-02 22:29 UTC
Published: 2026-06-19 04:57 UTC
Last updated: 2026-06-19 04:57 UTC
Primary CWE: CWE-23
CWE-23 Relative path traversal
Vendor / Product: Canonical / Microceph
Sources: cve.org · NVD

Severity & Metrics

5.1 MEDIUM CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:H/SA:H

Affected products (1)

Vendor	Product	Platform	Versions
Canonical	Microceph	Linux	19.2.1+snap74c0060321 < 19.2.3+snapcf306793a4, 20.0.0 < 20.2.0+snapbe4e67380e

Weakness (CWE)

CWE	Source	Description
CWE-23	cna	CWE-23 Relative path traversal

CVSS scores (1)

Score	Severity	Version	Source	Vector
5.1	MEDIUM	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:H/SA:H

References (1)

https://github.com/canonical/microceph/pull/758