CVE Catalog

CVE-2026-46447

MediumCVSS 5.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

19th percentile - higher than 19% of all known CVEs

Summary

OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.

Risk Assessment

An attacker could exploit this vulnerability to execute malicious scripts, potentially leading to system compromise or data leakage.

Recommendation

It is recommended to upgrade OpenStack Ironic to version 35.0.2 or later to mitigate this vulnerability.

Original NVD description (English source)

OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS