CVE-2026-46447

5.8 MEDIUM

OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info

Published: 2026-06-03 · Last updated: 2026-06-04

Severity and scoring

Vendor	Product
openstack	ironic

OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.

Source: NVD

Same vendor

CVE-2026-48681 — OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image (5.9 MEDIUM)
CVE-2026-44917 — OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via ... (4.9 MEDIUM)
CVE-2026-44394 — An issue was discovered in OpenStack Keystone before 29.0.2 (6.0 MEDIUM)
CVE-2026-43000 — An issue was discovered in OpenStack Keystone before 29.0.2 (6.0 MEDIUM)
CVE-2026-42999 — An issue was discovered in OpenStack Keystone before 29.0.2 (6.0 MEDIUM)

Same CWE

CVE-2026-44917 — OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via ... (4.9 MEDIUM)
CVE-2026-48847 — Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache sessio... (3.7 LOW)
CVE-2026-48846 — In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var(... (6.5 MEDIUM)
CVE-2026-48845 — In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to l... (6.5 MEDIUM)
CVE-2026-48831 — Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types