Openstack: >> Ironic Security Vulnerabilities
OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image.
CVSS Score
5.9
EPSS Score
0.001
Published
2026-06-04
OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_template.
CVSS Score
4.9
EPSS Score
0.0
Published
2026-06-04
OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.
CVSS Score
5.8
EPSS Score
0.0
Published
2026-06-03
OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information.
CVSS Score
6.5
EPSS Score
0.002
Published
2017-06-07