{"id":"PYSEC-2026-690","summary":"Openstack nova qcow format could expose host filesystem information","details":"Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.","aliases":["CVE-2011-3147","GHSA-hqfx-4x4w-vmwp"],"modified":"2026-07-06T08:00:47.595708798Z","published":"2026-07-02T14:13:17.701725Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3147"},{"type":"WEB","url":"https://github.com/openstack/nova/commit/ff9d353b2f4fee469e530fbc8dc231a41f6fed84"},{"type":"WEB","url":"https://bugs.launchpad.net/nova/+bug/853330"},{"type":"WEB","url":"http://bazaar.launchpad.net/~hudson-openstack/nova/trunk/revision/1604"},{"type":"PACKAGE","url":"https://pypi.org/project/nova"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-hqfx-4x4w-vmwp"}],"affected":[{"package":{"name":"nova","ecosystem":"PyPI","purl":"pkg:pypi/nova"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"12.0.0a0"}]}],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/nova/PYSEC-2026-690.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"}]}