CVE Catalog

CVE-2026-44916

LowCVSS 3.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

24th percentile — higher than 24% of all known CVEs

Summary

In OpenStack Ironic before version 35.0.2, in a certain configuration, the instance 'instance_info['ks_template']' is rendered without proper sandboxing.

Risk Assessment

Lack of sandboxing may lead to unauthorized code execution, posing a security risk to the system.

Recommendation

It is recommended to upgrade to version 35.0.2 or later and review the configuration to ensure proper security measures.

Original NVD description (English source)

In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS