CVE-2026-48681 PUBLISHED

Assigner: mitre
Reserved: 22.05.2026 Published: 04.06.2026 Updated: 04.06.2026

OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
CVSS Score: 5.9

Product Status

Vendor OpenStack
Product Ironic
Versions Default: unaffected
  • affected from 17.0.0 to 26.1.7 (excl.)
  • affected from 27.0.0 to 29.0.6 (excl.)
  • affected from 30.0.0 to 32.0.2 (excl.)
  • affected from 33.0.0 to 35.0.2 (excl.)

References

Problem Types

  • CWE-23 Relative Path Traversal CWE