{"version":"1.0","provider_name":"Yaook","provider_url":"https:\/\/yaook.cloud\/en","author_name":"Stefan Hoffmann","author_url":"https:\/\/yaook.cloud\/en\/author\/yaook-admin\/","title":"security-advisories\/cve-2026-46448 &#187; Yaook","type":"rich","width":600,"height":338,"html":"<blockquote class=\"wp-embedded-content\" data-secret=\"tXwLPqDtk4\"><a href=\"https:\/\/yaook.cloud\/en\/security-advisories-cve-2026-46448\/\">security-advisories\/cve-2026-46448<\/a><\/blockquote><iframe sandbox=\"allow-scripts\" security=\"restricted\" src=\"https:\/\/yaook.cloud\/en\/security-advisories-cve-2026-46448\/embed\/#?secret=tXwLPqDtk4\" width=\"600\" height=\"338\" title=\"&#8220;security-advisories\/cve-2026-46448&#8221; &#8212; Yaook\" data-secret=\"tXwLPqDtk4\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" class=\"wp-embedded-content\"><\/iframe><script>\n\/*! This file is auto-generated *\/\n!function(d,l){\"use strict\";l.querySelector&&d.addEventListener&&\"undefined\"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!\/[^a-zA-Z0-9]\/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret=\"'+t.secret+'\"]'),o=l.querySelectorAll('blockquote[data-secret=\"'+t.secret+'\"]'),c=new RegExp(\"^https?:$\",\"i\"),i=0;i<o.length;i++)o[i].style.display=\"none\";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(\"style\"),\"height\"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):\"link\"===t.message&&(r=new URL(s.getAttribute(\"src\")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(\"message\",d.wp.receiveEmbedMessage,!1),l.addEventListener(\"DOMContentLoaded\",function(){for(var e,t,s=l.querySelectorAll(\"iframe.wp-embedded-content\"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(\"data-secret\"))||(t=Math.random().toString(36).substring(2,12),e.src+=\"#?secret=\"+t,e.setAttribute(\"data-secret\",t)),e.contentWindow.postMessage({message:\"ready\",secret:t},\"*\")},!1)))}(window,document);\n\/\/# sourceURL=https:\/\/yaook.cloud\/wp-includes\/js\/wp-embed.min.js\n<\/script>","description":"YAOOK Security Advisory CVE-2026-46448 Date: 2026-06-17 Upstream advisory: https:\/\/security.openstack.org\/ossa\/OSSA-2026-022.html What are CVE-2026-46448 and how do they affect YAOOK? Erichen from the Institute of Computing Technology, Chinese Academy of Sciences reported that Nova\u2019s server create API does not strip internal scheduler hints. An authenticated user can bypass Placement resource claims and scheduling constraint enforcement, including availability [&hellip;]"}