CVE-2026-10720
Status: Received - Intake
Path Traversal in Canonical MicroCeph

Publication date: 2026-06-19

Last updated on: 2026-06-19

Assigner: Canonical Ltd.

Description
Canonical MicroCeph versions from the squid and tentacle tracks are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate (such as enrolled cluster members) or of a join token can manipulate files in an imported remote cluster within the /var/snap/microceph confinement. This allows disruption of the daemon and pollution of the cluster state.
Affected Vendors & Products (1 associated CPE)
Vendor: canonical
Product: microceph
Version / Range: up to and including 2026-06-09
CWE
CWE-23: The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-10720 is a security vulnerability in Canonical MicroCeph versions from the squid and tentacle tracks. It is a path traversal flaw in the remote-import API that allows holders of a trusted cluster mTLS certificate or a join token to manipulate files within the /var/snap/microceph confinement of an imported remote cluster.

Exploiting this vulnerability could lead to disruption of the MicroCeph daemon and corruption or pollution of the cluster state.

Impact Analysis

An attacker holding a trusted cluster mTLS certificate or join token can use this vulnerability to manipulate files within the MicroCeph cluster environment.

Such manipulation can cause disruption of the MicroCeph daemon, which may affect the availability and stability of the cluster services.

Additionally, the attacker can corrupt or pollute the cluster state, potentially causing data integrity issues or operational failures within the cluster.

Mitigation Strategies

To mitigate this vulnerability, update MicroCeph to a version that includes the fix implemented in Pull Request #758, merged on June 9, 2026.

This update addresses the path traversal flaw in the remote-import API that allowed manipulation of files within the /var/snap/microceph confinement.

Additionally, restrict the distribution of trusted cluster mTLS certificates and join tokens, since possession of either is what enables the file manipulation.
