By weakness (CWE)
CWE-669: related vulnerabilities
CVEs classified under CWE-669. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
2 published vulnerabilities
- CVE-2026-46447MEDIUM 5.8
OpenStack Ironic versions before 35.0.2 contain a vulnerability that allows an attacker with elevated privileges to inject malicious iPXE boot scripts by modifying node configuration data. An attacker who can alter the driver_info or instance_info fields of a node can supply a specially crafted iPXE script that will execute during the boot process, potentially compromising the integrity of deployed systems. This attack requires authenticated access with administrative or operator-level permissions, but once achieved, can affect multiple systems across a cloud environment.
- CVE-2026-44917MEDIUM 4.9
A vulnerability in OpenStack Ironic before version 35.0.2 allows authenticated project administrators or managers to read sensitive files directly from the Ironic conductor server through a specially crafted PXE template. This is a credential-required attack where an insider with project admin or manager privileges can exploit the template processing mechanism to access files they shouldn't be able to retrieve, potentially exposing configuration secrets, credentials, or other sensitive data stored on the conductor.