Fluid Attacks Database

Description

OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 11	ironic	=1:16.0.3-1 \|\| =1:16.2.0-1 \|\| =1:17.0.0-1 \|\| =1:17.0.1-1 \|\| =1:17.0.3-1 \|\| =1:17.0.3-2 \|\| =1:18.1.0-1 \|\| =1:18.2.0-1 \|\| =1:18.2.0-2 \|\| =1:18.2.0-3 \|\| =1:20.0.0-1 \|\| =1:20.1.0-1 \|\| =1:20.1.0-2 \|\| =1:21.0.0-1 \|\| =1:21.0.0-2 \|\| =1:21.0.0-3 \|\| =1:21.1.0-1 \|\| =1:21.1.0-2 \|\| =1:21.1.0-3 \|\| =1:21.3.0-1 \|\| =1:21.4.0-1 \|\| =1:21.4.0-2 \|\| =1:21.4.0-3 \|\| =1:21.4.0-4 \|\| =1:22.1.0-1 \|\| =1:23.0.0-1 \|\| =1:23.0.0-2 \|\| =1:23.0.0-3 \|\| =1:23.0.0-4 \|\| =1:24.0.0-1 \|\| =1:24.1.0-1 \|\| =1:24.1.1-1 \|\| =1:24.1.1-2 \|\| =1:24.1.1-3 \|\| =1:26.0.0-1 \|\| =1:26.0.0-2 \|\| =1:26.1.0-1 \|\| =1:26.1.0-2 \|\| =1:26.1.0-3 \|\| =1:26.1.1-1 \|\| =1:26.1.1-2 \|\| =1:26.1.1-3 \|\| =1:26.1.1-4 \|\| =1:29.0.0-1 \|\| =1:29.0.0-2 \|\| =1:29.0.0-3 \|\| =1:29.0.0-4 \|\| =1:29.0.0-5 \|\| =1:29.0.0-6 \|\| =1:29.0.0-7 \|\| =1:32.0.0-1 \|\| =1:32.0.0-2 \|\| =1:32.0.0-4 \|\| =1:32.0.0-5 \|\| =1:32.0.0-6 \|\| =1:32.0.0-7 \|\| =1:34.0.0-1 \|\| =1:35.0.0-1 \|\| =1:35.0.0-2 \|\| =1:35.0.1-1 \|\| =1:35.0.1-2 \|\| =1:35.0.1-3
debian 12	ironic	=1:21.1.0-3 \|\| =1:21.1.0-3+deb12u1 \|\| =1:21.3.0-1 \|\| =1:21.4.0-1 \|\| =1:21.4.0-2 \|\| =1:21.4.0-3 \|\| =1:21.4.0-4 \|\| =1:22.1.0-1 \|\| =1:23.0.0-1 \|\| =1:23.0.0-2 \|\| =1:23.0.0-3 \|\| =1:23.0.0-4 \|\| =1:24.0.0-1 \|\| =1:24.1.0-1 \|\| =1:24.1.1-1 \|\| =1:24.1.1-2 \|\| =1:24.1.1-3 \|\| =1:26.0.0-1 \|\| =1:26.0.0-2 \|\| =1:26.1.0-1 \|\| =1:26.1.0-2 \|\| =1:26.1.0-3 \|\| =1:26.1.1-1 \|\| =1:26.1.1-2 \|\| =1:26.1.1-3 \|\| =1:26.1.1-4 \|\| =1:29.0.0-1 \|\| =1:29.0.0-2 \|\| =1:29.0.0-3 \|\| =1:29.0.0-4 \|\| =1:29.0.0-5 \|\| =1:29.0.0-6 \|\| =1:29.0.0-7 \|\| =1:32.0.0-1 \|\| =1:32.0.0-2 \|\| =1:32.0.0-4 \|\| =1:32.0.0-5 \|\| =1:32.0.0-6 \|\| =1:32.0.0-7 \|\| =1:34.0.0-1 \|\| =1:35.0.0-1 \|\| =1:35.0.0-2 \|\| =1:35.0.1-1 \|\| =1:35.0.1-2 \|\| =1:35.0.1-3
debian 13	ironic	=1:29.0.0-7 \|\| =1:29.0.5-0+deb13u1 \|\| =1:32.0.0-1 \|\| =1:32.0.0-2 \|\| =1:32.0.0-4 \|\| =1:32.0.0-5 \|\| =1:32.0.0-6 \|\| =1:32.0.0-7 \|\| =1:34.0.0-1 \|\| =1:35.0.0-1 \|\| =1:35.0.0-2 \|\| =1:35.0.1-1 \|\| =1:35.0.1-2 \|\| =1:35.0.1-3
debian 14	ironic	=1:29.0.0-7 \|\| =1:32.0.0-1 \|\| =1:32.0.0-2 \|\| =1:32.0.0-4 \|\| =1:32.0.0-5 \|\| =1:32.0.0-6 \|\| =1:32.0.0-7 \|\| =1:34.0.0-1 \|\| =1:35.0.0-1 \|\| =1:35.0.0-2 \|\| =1:35.0.1-1 \|\| =1:35.0.1-2 \|\| =1:35.0.1-3

Aliases

1. CVE-2026-464472. NVD-2026-464473. OSV-DEBIAN-2026-464474. OSV-2026-464475. SECURITY-TRACKER-CVE-2026-46447

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.