CVE-2026-10720: Canonical MicroCeph Remote-Import API Path Traversal
CVE-2026-10720 Published on June 19, 2026
MicroCeph path traversal issue in the remote-import API
Canonical MicroCeph versions from the squid and tentacle tracks are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate (such as enrolled cluster members) or a join token can manipulate files in an imported remote cluster within the /var/snap/microceph confinement. This would allow daemon disruption and pollution of the cluster state.
Weakness Type
Relative Path Traversal
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.
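The weakness class described above, shown as an added example: a weak path join beside a hardened one. This is not MicroCeph's code. The function names, the ".conf" suffix, the /srv/example/remotes directory and the idea that a remote name is the untrusted path component are all assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrInvalidName marks a name that is not usable as a single path component.
var ErrInvalidName = errors.New("invalid name for path component")

// UnsafeRemotePath (hypothetical) shows the weak pattern: Join cleans ".."
// segments, so an untrusted name silently moves the result out of base.
func UnsafeRemotePath(base, name string) string {
	return filepath.Join(base, name+".conf")
}

// SafeRemotePath (hypothetical) accepts only a single path component, then
// verifies that the joined result is still inside base.
func SafeRemotePath(base, name string) (string, error) {
	if name == "" || name == "." || name == ".." ||
		strings.ContainsAny(name, `/\`) || strings.ContainsRune(name, 0) {
		return "", fmt.Errorf("%w: %q", ErrInvalidName, name)
	}
	full := filepath.Join(base, name+".conf")
	// Defense in depth: the relative path from base must not climb upward.
	rel, err := filepath.Rel(filepath.Clean(base), full)
	if err != nil || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q", ErrInvalidName, name)
	}
	return full, nil
}

func main() {
	base := "/srv/example/remotes" // constructed directory, not a real MicroCeph path
	// Constructed sample names: one benign, two containing ".." sequences.
	for _, name := range []string{"site-b", "../../other", "a/../../b"} {
		p, err := SafeRemotePath(base, name)
		fmt.Printf("%-14q unsafe=%s safe=%q err=%v\n",
			name, UnsafeRemotePath(base, name), p, err)
	}
}
```

Rejecting the name before the join matters because filepath.Join normalizes the result, so a later string comparison against the raw input would not see the ".." segments.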
Affected Versions
Canonical MicroCeph:
- Version 19.2.1+snap74c0060321 and below 19.2.3+snapcf306793a4 is affected.
- Version 20.0.0 and below 20.2.0+snapbe4e67380e is affected.