Medium severity5.8NVD Advisory· Published Jun 3, 2026· Updated Jun 15, 2026
CVE-2026-46447
CVE-2026-46447
Description
OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
4- security.openstack.org/ossa/OSSA-2026-017.htmlnvdPatchVendor Advisory
- www.openwall.com/lists/oss-security/2026/06/03/11nvdMailing ListThird Party Advisory
- bugs.launchpad.net/ironic/+bug/2150624nvdIssue Tracking
- www.openwall.com/lists/oss-security/2026/06/15/9nvd
News mentions
1- OpenStack: Critical RCE and Multiple Ironic Flaws Disclosed TogetherVypr Intelligence · Jun 4, 2026