Hi yaook users, yesterday OpenStack published a security advisory for nova. Nova’s server create API does not strip internal scheduler hints. An authenticated user can bypass Placement resource claims and scheduling constraint enforcement, including availability zone, host aggregate, and image trait restrictions. The resulting instance has no Placement allocation, which can lead to compute node resource exhaustion and cross-tenant data persistence on NVMe devices after instance deletion. The following images are vulnerable: nova images before 1.1.141 yaook release before 2.3.2 Hints on upgrading are written at our security advisory[1] Best regards Stefan [1] https://yaook.cloud/security-advisories-cve-2026-46448/ -- Stefan Hoffmann DevOps Engineer Cloud&Heat Technologies GmbH Königsbrücker Straße 96 | 01099 Dresden +49 351 479 367 36 stefan.hoffmann@cloudandheat.com | www.cloudandheat.com Green, Open, Efficient. Ihr Cloud-Service- und Cloud-Technologie-Provider aus Dresden. https://www.cloudandheat.com/ Commercial Register: District Court Dresden Register Number: HRB 30549 VAT ID No.: DE281093504 Managing Director: Nicolas Röhrs Authorized signatory: Dr. Marius Feldmann