Directory Traversal Vulnerability in OpenStack Ironic Affects ISO Deployment
CVE-2026-48681

5.9MEDIUM

Key Information:

Vendor

Openstack
Status
Ironic
Vendor
CVE Published:
4 June 2026

What is CVE-2026-48681?

OpenStack Ironic versions prior to 35.0.2 are susceptible to a directory traversal vulnerability, allowing attackers to exploit the deployment process of crafted ISO images. This flaw enables unauthorized file overwrites, potentially compromising system integrity and leading to further security risks. Proper validation during image handling is crucial to prevent such vulnerabilities.

Affected Version(s)

Ironic 17.0.0 < 26.1.7

Ironic 27.0.0 < 29.0.6

Ironic 30.0.0 < 32.0.2

References

https://bugs.launchpad.net/ironic/+bug/2148333
https://www.openwall.com/lists/oss-security/2026/06/03/12

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.