Vulnerabilities (CVE)

Filtered by vendor Openstack
Filtered by product Ironic
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2026-46447 1 Openstack 1 Ironic 2026-06-04 N/A 5.8 MEDIUM
OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.
CVE-2026-44917 1 Openstack 1 Ironic 2026-06-04 N/A 4.9 MEDIUM
OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_template.
CVE-2026-48681 1 Openstack 1 Ironic 2026-06-04 N/A 5.9 MEDIUM
OpenStack Ironic before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image.
CVE-2015-7514 1 Openstack 1 Ironic 2026-05-13 4.0 MEDIUM 6.5 MEDIUM
OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information.