CVE-2026-46447

NameCVE-2026-46447
DescriptionOpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-6341-1
Debian Bugs1138842

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ironic (PTS)bullseye1:16.0.3-1vulnerable
bookworm1:21.1.0-3vulnerable
bookworm (security)1:21.4.4-0+deb12u1fixed
trixie1:29.0.0-7vulnerable
trixie (security)1:29.0.5-0+deb13u2fixed
forky, sid1:35.0.1-5vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ironicsourcebookworm1:21.4.4-0+deb12u1DSA-6341-1
ironicsourcetrixie1:29.0.5-0+deb13u2DSA-6341-1
ironicsource(unstable)(unfixed)1138842

Notes

https://www.openwall.com/lists/oss-security/2026/06/03/11
https://bugs.launchpad.net/ironic/+bug/2150624
Search for package or bug name: Reporting problems