CVE-2026-48681

5.9MEDIUM

Key Information:

Vendor

Openstack
Status
Ironic
Vendor
CVE Published:
4 June 2026

What is CVE-2026-48681?

OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image.

Affected Version(s)

Ironic 17.0.0 < 26.1.7

Ironic 27.0.0 < 29.0.6

Ironic 30.0.0 < 32.0.2

References

https://bugs.launchpad.net/ironic/+bug/2148333
https://www.openwall.com/lists/oss-security/2026/06/03/12

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.