CVE-2026-28370 | OpenStack Vitrage up to 12.0.0 Query Parser vitrage/graph/query.py _create_query_function eval injection

A vulnerability, which was classified as problematic, has been found in OpenStack Vitrage up to 12.0.0. Impacted is the function _create_query_function of the file vitrage/graph/query.py of the component Query Parser. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code.

This vulnerability is identified as CVE-2026-28370. The attack can be initiated remotely. There is not any exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More