{"id":"PYSEC-2026-1602","summary":"OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack","details":"An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component.","aliases":["CVE-2024-28718","GHSA-jx7x-9r98-h5xr"],"modified":"2026-07-07T17:46:15.268495804Z","published":"2026-07-07T11:45:38.305224Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28718"},{"type":"WEB","url":"https://github.com/openstack/magnum/commit/272fd686d8c8bf5954e9e7d3bc991ff27e46184d"},{"type":"WEB","url":"https://github.com/openstack/magnum/commit/312aa6a86ac8e62f6ed4f1e9473fdabbbb7a4b1e"},{"type":"WEB","url":"https://github.com/openstack/magnum/commit/883b40b5b0ecfc5f78758143c0d3c754458f12b7"},{"type":"WEB","url":"https://github.com/openstack/magnum/commit/e79907c521149872c1b495355a3a7b3a0c7e3479"},{"type":"WEB","url":"https://bugs.launchpad.net/magnum/+bug/2047690"},{"type":"WEB","url":"https://gist.github.com/Fewword/f098d8d6375ac25e27b18c0e57be532f"},{"type":"PACKAGE","url":"https://github.com/openstack/magnum"},{"type":"WEB","url":"https://review.opendev.org/c/openstack/magnum/+/907305"},{"type":"PACKAGE","url":"https://pypi.org/project/magnum"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-jx7x-9r98-h5xr"}],"affected":[{"package":{"name":"magnum","ecosystem":"PyPI","purl":"pkg:pypi/magnum"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"14.1.2"},{"introduced":"15.0.0.0rc1"},{"fixed":"15.0.2"},{"introduced":"16.0.0.0rc1"},{"fixed":"16.0.2"},{"introduced":"17.0.0.0rc1"},{"fixed":"17.0.2"}]}],"versions":["10.0.0","10.0.0.0rc1","10.0.0.0rc2","10.1.0","11.0.0","11.0.0.0rc1","11.1.0","11.1.1","11.2.0","11.2.1","12.0.0","12.0.0.0rc1","12.0.0.0rc2","12.1.0","12.1.1","13.0.0","13.0.0.0rc1","13.1.0","13.1.1","14.0.0","14.0.0.0rc1","14.0.0.0rc2","14.1.0","14.1.1","15.0.0","15.0.0.0rc1","15.0.0.0rc2","15.0.1","16.0.0","16.0.0.0rc1","16.0.1","17.0.0","17.0.0.0rc1","17.0.1","5.0.2","6.3.0","7.0.1","7.0.2","7.1.0","7.2.0","8.0.0","8.0.0.0rc1","8.0.0.0rc2","8.1.0","8.2.0","8.2.1","9.0.0","9.0.0.0rc1","9.0.0.0rc2","9.1.0","9.2.0","9.3.0","9.4.0","9.4.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/magnum/PYSEC-2026-1602.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}]}