CVE Catalog
CVE-2026-46447
MediumCVSS 5.8Exploitation Probability (EPSS)
Low risk0.27%
19th percentile - higher than 19% of all known CVEs
Summary
OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.
Risk Assessment
An attacker could exploit this vulnerability to execute malicious scripts, potentially leading to system compromise or data leakage.
Recommendation
It is recommended to upgrade OpenStack Ironic to version 35.0.2 or later to mitigate this vulnerability.
Original NVD description (English source)
OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.

