CVE-2026-44917

4.9 MEDIUM

OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via ...

Published: 2026-06-04 · Last updated: 2026-06-04

Severity and scoring

CVSS: 4.9 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-669

Affected products

Vendor	Product
openstack	ironic

Description

OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_template.

Source: NVD

References

Related CVEs

Same vendor

CVE-2026-48681 — OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image (5.9 MEDIUM)
CVE-2026-46447 — OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info (5.8 MEDIUM)
CVE-2026-44394 — An issue was discovered in OpenStack Keystone before 29.0.2 (6.0 MEDIUM)
CVE-2026-43000 — An issue was discovered in OpenStack Keystone before 29.0.2 (6.0 MEDIUM)
CVE-2026-42999 — An issue was discovered in OpenStack Keystone before 29.0.2 (6.0 MEDIUM)

Same CWE

CVE-2026-46447 — OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info (5.8 MEDIUM)
CVE-2026-48847 — Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache sessio... (3.7 LOW)
CVE-2026-48846 — In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var(... (6.5 MEDIUM)
CVE-2026-48845 — In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to l... (6.5 MEDIUM)
CVE-2026-48831 — Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types