Path traversal in Ironic - CVE-2026-48681


Published: June 18, 2026


Vulnerability identifier: #VU134856
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-48681
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenStack
Affected software:
Ironic

Detailed vulnerability description

The vulnerability allows a remote authenticated user to overwrite files on the conductor's disk or on the target node's disk.

The vulnerability exists due to insufficient validation of file paths in the ISO handling code when processing a crafted ISO image. A remote user who can deploy a node using a configdrive, a virtual-media-based boot interface, or the anaconda deploy interface can supply a malicious ISO image whose file paths traverse outside the intended directory; when the image is handled, those entries are written outside that directory and overwrite files on the conductor's disk or on the target disk.

The issue affects the conductor while it handles the ISO, and the target disk during deployment through the anaconda deploy interface.
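As an added illustration (this is not Ironic's code and not the fix the project shipped), the following Python contrasts the naive extraction pattern that CWE-22 describes with a confined one. The entry list, the function names and the `../escaped/ironic.conf` path are constructed for the example; no ISO 9660 parsing is performed, the entries stand in for what a parser would hand back.

```python
"""Path-confinement check for files unpacked from an untrusted ISO.

Added illustration for this advisory; this is NOT Ironic's code and does not
parse ISO 9660. The entry list is constructed by hand to stand in for the
file names a crafted image could carry."""
import os
import tempfile

# Constructed stand-in for the (path, content) entries read out of an ISO image.
# The second entry uses '..' to climb out of the extraction directory.
CRAFTED_ISO_ENTRIES = [
    ("boot/grub/grub.cfg", b"set timeout=5\n"),
    ("../escaped/ironic.conf", b"[DEFAULT]\nauth_strategy = noauth\n"),
]


def extract_naive(entries, dest):
    """Vulnerable pattern: the path stored in the image is trusted as-is."""
    written = []
    for name, data in entries:
        target = os.path.join(dest, name)       # honours '..' and a leading '/'
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with open(target, "wb") as fh:
            fh.write(data)
        written.append(os.path.realpath(target))
    return written


def confined_path(name, dest):
    """Return the on-disk path for an entry, or raise ValueError if it would
    land outside dest. Pure path logic, so it can be unit-tested on its own."""
    if os.path.isabs(name):
        raise ValueError(f"absolute path in image: {name!r}")
    dest_real = os.path.realpath(dest)
    # realpath also follows symlinks already present under dest, so a link
    # planted by an earlier entry cannot redirect a later write.
    target = os.path.realpath(os.path.join(dest_real, name))
    # commonpath, not startswith: '/srv/dest2' must not pass for dest '/srv/dest'
    if os.path.commonpath([dest_real, target]) != dest_real:
        raise ValueError(f"path escapes destination: {name!r}")
    return target


def is_confined(name, dest):
    """Boolean form of confined_path for callers that only need a verdict."""
    try:
        confined_path(name, dest)
        return True
    except ValueError:
        return False


def extract_safe(entries, dest):
    """Hardened pattern: every entry is confined to dest before it is written."""
    written = []
    for name, data in entries:
        target = confined_path(name, dest)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with open(target, "wb") as fh:
            fh.write(data)
        written.append(target)
    return written


def demo():
    """Run both extractors on the crafted entries in a throwaway tree.

    Returns (basenames of files the naive extractor wrote outside its dest,
             error message raised by the hardened extractor or None)."""
    root = tempfile.mkdtemp()
    naive_dest = os.path.join(root, "naive")
    safe_dest = os.path.join(root, "safe")
    os.makedirs(naive_dest)
    os.makedirs(safe_dest)

    naive_real = os.path.realpath(naive_dest)
    outside = [p for p in extract_naive(CRAFTED_ISO_ENTRIES, naive_dest)
               if os.path.commonpath([naive_real, p]) != naive_real]
    try:
        extract_safe(CRAFTED_ISO_ENTRIES, safe_dest)
        error = None
    except ValueError as exc:
        error = str(exc)
    return [os.path.basename(p) for p in outside], error


if __name__ == "__main__":
    print(demo())
```

The check resolves both the destination and the candidate path with `realpath` before comparing them with `commonpath`; a plain string-prefix test would accept a sibling directory whose name merely starts with the destination's, and skipping symlink resolution would let an earlier entry plant a link that redirects a later write. Any entry that fails the check aborts the extraction rather than being silently skipped.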


How to mitigate CVE-2026-48681

Install the security update from the vendor's website. Until it is applied, treat ISO images and configdrive content supplied by users as untrusted input and restrict node deployment through the affected interfaces to trusted users.
