CVE-2026-48681

Published: Jun 4, 2026Modified: Jun 4, 2026

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image.

Affected (4)

Products: Openstack: Ironic

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Openstack Ironic	From 17.0.0 to 26.1.7
Openstack Ironic	From 27.0.0 to 29.0.6
Openstack Ironic	From 30.0.0 to 32.0.2
Openstack Ironic	From 33.0.0 to 35.0.2

Related CWEs

Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

References (3)

https://bugs.launchpad.net/ironic/+bug/2148333

Source: cve@mitre.org

Issue TrackingMitigation

https://www.openwall.com/lists/oss-security/2026/06/03/12

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2026/06/03/12

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.