VEXID-6026512
Published 2026-06-04 04:17:14
Last Modified 2026-06-04 04:17:14
AKA CVE-2026-44917
Summary OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_template.
CVSS
Access Vector Local Adjacent Network
Access Complexity Low Medium High
Authentication None Single Multiple
Confidentiality None Partial Complete
Integrity None Partial Complete
Availability None Partial Complete