CVE-2026-44919 PUBLISHED

Assigner: mitre
Reserved: 08.05.2026 Published: 14.05.2026 Updated: 14.05.2026

In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVSS Score: 4.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	OpenStack
Product	Ironic
Versions	Default: unaffected affected from 0 to a3f6d735ac3642ab95b49142c7305f072ae748d0 (excl.)

References

https://bugs.launchpad.net/ironic/+bug/2150332
https://opendev.org/openstack/ironic/commit/a3f6d735ac3642ab95b49142c7305f072ae748d0

Problem Types

CWE-696 Incorrect Behavior Order CWE