CVE Catalog
CVE-2026-44916
LowCVSS 3.0Exploitation Probability (EPSS)
Low risk0.33%
24th percentile — higher than 24% of all known CVEs
Summary
In OpenStack Ironic before version 35.0.2, in a certain configuration, the instance 'instance_info['ks_template']' is rendered without proper sandboxing.
Risk Assessment
Lack of sandboxing may lead to unauthorized code execution, posing a security risk to the system.
Recommendation
It is recommended to upgrade to version 35.0.2 or later and review the configuration to ensure proper security measures.
Original NVD description (English source)
In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing.

