CVE-2026-10720
Deferred Deferred - Pending Action

Path Traversal in Canonical MicroCeph

Vulnerability report for CVE-2026-10720, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-19

Last updated on: 2026-06-22

Assigner: Canonical Ltd.

Description

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate (such as enrolled cluster members) or join token can manipulate files in an imported remote cluster within the /var/snap/microceph confinement. This would allow daemon disruption and pollution of the cluster state.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-19
Last Modified
2026-06-22
Generated
2026-07-09
AI Q&A
2026-06-19
EPSS Evaluated
2026-07-08
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
canonical microceph to 2026-06-09 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-23 The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-10720 is a security vulnerability in Canonical MicroCeph versions from the squid and tentacle tracks. It involves a path traversal flaw in the remote-import API. This flaw allows holders of a trusted cluster mTLS certificate or a join token to manipulate files within the /var/snap/microceph confinement of an imported remote cluster.

Exploiting this vulnerability could lead to disruption of the MicroCeph daemon and corruption or pollution of the cluster state.

Impact Analysis

This vulnerability can impact you by allowing an attacker with a trusted cluster mTLS certificate or join token to manipulate files within the MicroCeph cluster environment.

Such manipulation can cause disruption of the MicroCeph daemon, which may affect the availability and stability of the cluster services.

Additionally, the attacker can corrupt or pollute the cluster state, potentially leading to data integrity issues or operational failures within the cluster.

Mitigation Strategies

To mitigate this vulnerability, you should update MicroCeph to a version that includes the fix implemented in Pull Request #758, merged on June 9, 2026.

This update addresses the path traversal flaw in the remote-import API that allows manipulation of files within the /var/snap/microceph confinement.

Additionally, restrict access to trusted cluster mTLS certificates and join tokens to prevent unauthorized manipulation.

Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10720. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart