CVE Field Guide
About Us
CVE-2026-44916
PUBLISHED
Assigner:
mitre
Reserved:
08.05.2026
Published:
08.05.2026
Updated:
08.05.2026
In OpenStack Ironic through 35.x, instance_info['ks_template'] is rendered without sandboxing.
Metrics
CVSS 3.1
CVSS Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
CVSS Score:
3
CVSS score
3
Attack Vector
Network
Scope
Changed
Attack Complexity
High
Confidentiality Impact
Low
Privileges Required
High
Integrity Impact
None
User Interaction
None
Availability Impact
None
CVSS 3.1
Product Status
Vendor
OpenStack
Product
Ironic
Versions
Default:
unknown
affected from 0 to 35.0.1 (incl.)
References
https://bugs.launchpad.net/ironic/+bug/2148307
Problem Types
CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine
CWE