CVE-2026-44917: OpenStack Ironic Local File Read via PXE Template (CVSS 4.9)
A vulnerability in OpenStack Ironic before version 35.0.2 allows authenticated project administrators or managers to read sensitive files directly from the Ironic conductor server through a specially crafted PXE template. This is a credential-required attack where an insider with project admin or manager privileges can exploit the template processing mechanism to access files they shouldn't be able to retrieve, potentially exposing configuration secrets, credentials, or other sensitive data stored on the conductor.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 4.9 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
- Weaknesses (CWE)
- CWE-669
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-06-04 / 2026-06-17
NVD description (verbatim)
OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_template.
3 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-44917 is an improper access control vulnerability in OpenStack Ironic's PXE template handling. The vulnerability allows authenticated users with project admin or manager roles to bypass file access restrictions by injecting malicious content into pxe_template parameters. The Ironic conductor processes these templates without adequate sandboxing or input validation, enabling arbitrary local file read operations on the conductor system. The attack vector is network-based, requires high privileges (project admin/manager), no user interaction, and does not require privilege escalation to execute. The impact is strictly confidentiality; integrity and availability are not affected.
Business impact
Exploitation of this vulnerability could lead to unauthorized disclosure of sensitive operational data maintained by Ironic conductors, including database credentials, API tokens, certificates, and deployment configurations. In multi-tenant OpenStack deployments, a malicious project admin could access files beyond their intended scope, violating data isolation guarantees and potentially compromising infrastructure security across multiple tenants. The requirement for project admin credentials limits the blast radius to insider threats or compromised admin accounts, but the high-privilege nature of affected roles means the risk is concentrated in critical operator personas.
Affected systems
OpenStack Ironic deployments running versions before 35.0.2 are affected. This includes Ironic services deployed in production cloud environments, hybrid cloud setups, and bare-metal-as-a-service platforms that rely on Ironic for provisioning. The vulnerability is specific to the Ironic conductor component and affects any environment where project admins or managers have access to Ironic API endpoints. Verify the exact scope against your OpenStack deployment documentation and version inventory.
Exploitability
Exploitability is moderate and limited by access control. The vulnerability requires the attacker to already possess authenticated project admin or manager credentials within the OpenStack deployment, which significantly reduces the attack surface compared to unauthenticated or low-privilege exploits. No known public exploit code exists, and the attack is not currently tracked in the CISA Known Exploited Vulnerabilities catalog. However, the mechanics are straightforward once credentials are obtained—an attacker would craft a pxe_template payload targeting local file paths. Internal threat actors (disgruntled operators, compromised admin accounts) represent the primary risk.
Remediation
Upgrade OpenStack Ironic to version 35.0.2 or later to apply the vendor patch. Organizations unable to upgrade immediately should implement compensating controls: restrict project admin and manager role assignments to trusted personnel only, enforce multi-factor authentication for Ironic API access, audit and monitor pxe_template modifications and PXE provisioning operations, and isolate Ironic conductor servers on restricted networks with egress monitoring. Review access logs for suspicious file-read patterns or unusual template submissions from admin accounts.
Patch guidance
Apply the OpenStack Ironic update to version 35.0.2 or later according to your organization's change management procedures. Verify patch deployment by confirming the running version via 'openstack baremetal conductor list' or equivalent CLI commands. Test the patch in a staging environment mirroring your production configuration before rolling out to production conductors. Coordinate patching with your cloud operations team to minimize service disruption, as some deployments may require conductor restarts. Consult the official OpenStack release notes for version 35.0.2 to confirm the fix and any dependent component updates.
Detection guidance
Monitor Ironic conductor logs for suspicious pxe_template API requests, particularly those containing path traversal sequences (../, absolute paths, or environment variable references). Implement alerting on failed file-read attempts within the Ironic conductor process. Audit API call patterns from project admin and manager accounts for unusual frequency or targeting of sensitive directories (/etc, /root, /var/lib, database config paths). Use SIEM tools to correlate Ironic API logs with conductor system logs to detect file access anomalies. Enable verbose logging on the Ironic conductor and set retention policies to support forensic investigation.
Why prioritize this
This vulnerability should be prioritized for remediation in the near term but does not require emergency response. While the CVSS score is MEDIUM (4.9), reflecting limited exploitability due to high privilege requirements and no impact to availability or integrity, the confidentiality risk is significant in multi-tenant environments. The absence of KEV status and public exploits reduces immediate threat, but the sensitive nature of conductor-stored data and the insider-threat risk justifies prompt patching within standard maintenance windows. Prioritize deployments with strict privilege separation and high-sensitivity workloads (finance, healthcare, regulated cloud services).
Risk score, explained
The CVSS 3.1 score of 4.9 (MEDIUM) reflects: Network-accessible attack vector (AV:N) with low complexity (AC:L) and high privilege requirement (PR:H), requiring no user interaction (UI:N). The scope is unchanged (S:U), and the impact is high confidentiality (C:H) but no integrity or availability impact (I:N, A:N). The score appropriately balances the serious confidentiality breach against the significant access control barrier; this is not a critical infrastructure threat but a notable insider-risk vulnerability for operators of multi-tenant cloud platforms.
Frequently asked questions
Can an attacker with only read-only Ironic access exploit this vulnerability?
No. The vulnerability requires project admin or manager privileges specifically. Read-only or lower-privileged roles cannot construct the malicious pxe_template payload needed to trigger the file read.
If we have strong access controls limiting who can be a project admin, does this vulnerability still pose a risk?
Yes, but the risk is lower. Compensating controls on admin role assignment reduce the probability of exploitation, but compromised admin credentials or rogue insiders remain credible threats. Patching is still necessary to eliminate the vulnerability entirely.
What files are typically at risk if this vulnerability is exploited?
Conductor configuration files, database credentials, API tokens, SSL/TLS private keys, and deployment templates stored in standard system locations like /etc, /var/lib, and the Ironic working directory. The specific exposure depends on the conductor's file system and what data is co-located with the Ironic process.
Does OpenStack provide a security advisory or detailed patch notes for this CVE?
Consult the OpenStack security advisory and the official OpenStack release notes for version 35.0.2 for comprehensive patch details, workarounds, and impact analysis. Your OpenStack distribution vendor may also provide supplementary guidance.
This vulnerability intelligence is provided for informational purposes to support security operations and risk management decisions. The analysis is based on published CVE data and vendor advisories current as of the publication date. Actual risk and exploitability may vary based on your specific OpenStack deployment topology, access controls, and operational posture. Verify all patch version numbers, affected product scopes, and remediation steps against the official OpenStack vendor advisory and your organization's vulnerability management policies before implementation. This document does not constitute legal or compliance advice; consult your compliance and legal teams regarding regulatory obligations related to this vulnerability. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-46447MEDIUMOpenStack Ironic iPXE Boot Script Injection Vulnerability
- CVE-2026-42998MEDIUMOpenStack Keystone Application Credential Authentication Bypass
- CVE-2026-42999MEDIUMOpenStack Keystone RBAC Bypass via JSON Request Body Injection
- CVE-2026-43000MEDIUMOpenStack Keystone Privilege Escalation via Application Credential Impersonation
- CVE-2026-44394MEDIUMOpenStack Keystone Federated Token Rescoping Bypass – MEDIUM Severity
- CVE-2026-48681MEDIUMOpenStack Ironic Directory Traversal File Overwrite (MEDIUM)
- CVE-2018-25384MEDIUMStored XSS in Wikidforum 2.20 Allows Authenticated Attackers to Inject Malicious Scripts
- CVE-2018-25387MEDIUMHaPe PKH 1.1 Cross-Site Request Forgery (CSRF) Admin Password Reset