Impact
OpenStack Ironic releases before 35.0.2 contain a directory traversal flaw that lets an attacker overwrite files on the deployment host by supplying a specially crafted ISO image. The flaw is reachable during the deployment process, so a successful attack can corrupt configuration files or executables on the target system. The weakness is classified as CWE-23 (Relative Path Traversal): path components such as `..` in attacker-controlled input cause a file write to land outside the directory it was meant to stay in.
Affected Systems
The affected product is OpenStack Ironic, in any release older than 35.0.2. Deployments that use Ironic to provision machines from ISO images remain exposed until they upgrade to 35.0.2 or later, or otherwise restrict who can supply ISO images to the service.
Risk and Exploitability
The vulnerability has a CVSS base score of 5.9, which is Medium severity. No EPSS score is available at present, and the issue is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Exploitation requires control over the ISO image that Ironic processes, which in practice means authenticated API access or a compromised image source. Once the crafted ISO is processed, the attacker can overwrite arbitrary files on the deployment host, and an overwritten configuration file or executable can serve as a foothold for further compromise.
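The following is an added example of the CWE-23 pattern described under Impact and in the exploitability discussion above; it is not Ironic's code and does not reproduce the actual flaw. It assumes a generic "extract entries from an untrusted image into a directory" routine: `naive_target` shows how an unchecked `os.path.join` lets `..` segments and absolute names escape the destination, and `safe_target` shows the check a practitioner would want (normalize, reject absolute and parent-relative names, then confirm the resolved path still lies under the destination). The entry names and contents are constructed for illustration.

```python
"""Path-traversal check for file names taken from an untrusted image.

Added example, not Ironic's code. Entry names and contents below are
constructed; the destination directory is a temporary directory.
"""
import os
import posixpath
import tempfile


class UnsafeMemberName(ValueError):
    """Raised when an entry name would resolve outside the destination."""


# Constructed entries (name -> contents) standing in for files listed in an
# attacker-supplied image. The last three would land outside the extraction
# directory if the name were joined to it without a check; "boot/..config"
# is a legitimate name that a naive '..' substring filter would wrongly block.
SAMPLE_ENTRIES = {
    "boot/vmlinuz": b"kernel",
    "boot/grub/grub.cfg": b"set timeout=5\n",
    "boot/..config": b"not a traversal\n",
    "../../etc/ironic/ironic.conf": b"# overwritten\n",
    "/usr/local/bin/ironic-helper": b"#!/bin/sh\n",
    "boot/../../../overwritten.cfg": b"",
}


def naive_target(dest_dir, name):
    """Unchecked join, as in the vulnerable pattern.

    '..' segments walk out of dest_dir, and an absolute name makes
    os.path.join discard dest_dir entirely. Returned normalized so the
    escape is visible; nothing is written here.
    """
    return os.path.normpath(os.path.join(dest_dir, name))


def normalize_member_name(name):
    """Return `name` as a clean relative POSIX path or raise UnsafeMemberName.

    Pure string check: rejects empty names, NUL bytes, absolute names, and
    any name that still begins with '..' once 'a/../b' style segments
    have been collapsed. 'boot/..config' is allowed because '..config'
    is an ordinary file name, not a parent reference.
    """
    if not name or "\x00" in name:
        raise UnsafeMemberName(repr(name))
    norm = posixpath.normpath(name)
    if posixpath.isabs(norm) or norm in (".", "..") or norm.startswith("../"):
        raise UnsafeMemberName(name)
    return norm


def safe_target(dest_dir, name):
    """Resolve `name` under `dest_dir`, refusing anything that escapes it.

    realpath() follows symlinks in the existing part of the path, so a
    symlink inside dest_dir that points elsewhere is caught by the
    commonpath() containment check even after the string check passes.
    """
    base = os.path.realpath(dest_dir)
    candidate = os.path.realpath(os.path.join(base, normalize_member_name(name)))
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafeMemberName(name)
    return candidate


def extract(entries, dest_dir):
    """Write each entry under dest_dir using safe_target.

    Returns (written, rejected): written holds paths relative to dest_dir,
    rejected holds the original names that failed the check.
    """
    written, rejected = [], []
    base = os.path.realpath(dest_dir)
    for name, data in entries.items():
        try:
            path = safe_target(dest_dir, name)
        except UnsafeMemberName:
            rejected.append(name)
            continue
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        written.append(os.path.relpath(path, base))
    return sorted(written), sorted(rejected)


def demo():
    """Run the hardened extractor over the constructed entries in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        return extract(SAMPLE_ENTRIES, tmp)


if __name__ == "__main__":
    print("naive:", naive_target("/srv/deploy", "../../etc/ironic/ironic.conf"))
    print("safe :", demo())
```

The string check alone is not enough on a live filesystem, which is why `safe_target` re-checks containment after `realpath()`: if an earlier entry (or an existing symlink in the destination) points outside the base directory, a name that looks clean can still resolve elsewhere. Doing the check on the resolved path catches that case.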
OpenCVE Enrichment