CVE-2026-46447

OpenStack Ironic through 35.0.x allows Boot Script Injection.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
ironic
bookworm
vulnerable
bullseye
vulnerable
forky
vulnerable
sid
vulnerable
trixie
vulnerable
References
https://bugs.launchpad.net/ironic/+bug/2150624
https://security.openstack.org/ossa/OSSA-2026-017.html
http://www.openwall.com/lists/oss-security/2026/06/03/11