CVE-2026-46447
EUVD-2026-3418103.06.2026, 22:16
OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| openstack | ironic | 17.0.0 ≤ 𝑥 < 26.1.7 |
| openstack | ironic | 27.0.0 ≤ 𝑥 < 29.0.6 |
| openstack | ironic | 30.0.0 ≤ 𝑥 < 32.0.2 |
| openstack | ironic | 33.0.0 ≤ 𝑥 < 35.0.2 |
𝑥
= Vulnerable software versions
Debian Releases