Dmitry Tantsur and Tuomo Tanskanen discovered that Ironic did not properly validate file paths when handling ISO images. A privileged authenticated remote user could use this issue to perform path traversal via a crafted ISO image and overwrite arbitrary files on the Ironic conductor. (CVE-2026-48681) Dmitry Tantsur and Tuomo Tanskanen discovered that Ironic did not properly validate kernel command line parameters. A privileged authenticated remote user could use this issue to inject scripts during node boot and possibly execute arbitrary code. (CVE-2026-46447) Dmitry Tantsur and Tuomo Tanskanen discovered that Ironic incorrectly restricted access to custom PXE templates. A privileged authenticated remote user could use this issue to read arbitrary sensitive files on the Ironic conductor. (CVE-2026-44917)
Continue reading...
Continue reading...
