CVE-2026-46447: OpenStack Ironic iPXE Boot Script Injection Vulnerability
OpenStack Ironic versions before 35.0.2 contain a vulnerability that allows an attacker with elevated privileges to inject malicious iPXE boot scripts by modifying node configuration data. An attacker who can alter the driver_info or instance_info fields of a node can supply a specially crafted iPXE script that will execute during the boot process, potentially compromising the integrity of deployed systems. This attack requires authenticated access with administrative or operator-level permissions, but once achieved, can affect multiple systems across a cloud environment.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 5.8 MEDIUM · CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
- Weaknesses (CWE)
- CWE-669
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-06-03 / 2026-06-17
NVD description (verbatim)
OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.
4 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-46447 is a boot script injection vulnerability in OpenStack Ironic that arises from insufficient validation of iPXE script sources when node.driver_info or node.instance_info fields are modified. The vulnerability is classified under CWE-669 (Incorrect Resource Transfer Between Spheres), indicating a flaw in how untrusted data transitions between security boundaries. The CVSS v3.1 score of 5.8 (MEDIUM severity) reflects a network-accessible attack vector with high attack complexity and high privilege requirements, but significant impact on system integrity and potential scope expansion across the cloud infrastructure. The issue does not require user interaction and affects the confidentiality of system configuration, though direct confidentiality loss is not indicated in the vector.
Business impact
For organizations operating OpenStack Ironic infrastructure, this vulnerability creates a risk of unauthorized boot process manipulation. A compromised administrative account or insider threat could inject malicious boot configurations that persist across node redeployment cycles, potentially leading to rootkit installation, persistent backdoors, or unauthorized system hardening modifications before the OS fully initializes. In multi-tenant or managed service environments, this could enable lateral movement or privilege escalation. The remediation requires a patched Ironic version, during which operators must balance the security urgency against any operational disruptions related to control plane updates.
Affected systems
OpenStack Ironic deployments running versions prior to 35.0.2 are affected. This includes both standalone Ironic deployments and Ironic components within broader OpenStack clouds. The vulnerability requires that an attacker have permissions to modify node configuration objects—typically reserved for cloud administrators, operators, or service accounts with baremetal provisioning authority. Environments with strict role-based access control (RBAC) may have reduced exposure if administrative credentials are well-protected.
Exploitability
The CVSS vector indicates high attack complexity and high privilege requirements, placing this outside the easy-to-exploit category. An attacker must first obtain administrative or operator credentials with the ability to modify node objects in Ironic. However, once that threshold is crossed, the actual injection of the iPXE script is straightforward—it requires only updating a node field with a malicious script URL or inline payload. The attack does not require user interaction on the victim's part; the injected script executes automatically during the next boot cycle. This makes it attractive to insider threats or attackers who have compromised a service account. No active exploitation in the wild has been reported (KEV status: not included).
Remediation
Upgrade OpenStack Ironic to version 35.0.2 or later. Organizations should verify the patch version against the official OpenStack Ironic release notes and security advisories. Additionally, review and audit access controls for administrative credentials that can modify node driver_info and instance_info fields; restrict these permissions to the minimum necessary roles and implement credential rotation policies. Monitor Ironic API logs for suspicious node configuration modifications, particularly changes to boot-related parameters.
Patch guidance
Apply OpenStack Ironic 35.0.2 or a later patch release. Verify against the vendor advisory and release notes to confirm the patch is included. Organizations should test the upgrade in a non-production environment first to ensure compatibility with their current Ironic configuration, particularly if custom drivers or plugins are in use. Plan the upgrade during a maintenance window, as it may require a brief control plane restart. After patching, perform a spot check on a test node to confirm normal boot behavior and PXE provisioning workflows.
Detection guidance
Monitor Ironic API audit logs for modifications to node.driver_info and node.instance_info fields, especially changes to boot_option, boot_mode, or ipxe_bootloader parameters. Look for unusual or unexpected changes initiated by service accounts or administrative users. Implement integrity checks on boot configuration files and iPXE script repositories. Alert on any unauthorized or out-of-policy iPXE script URLs being set in node configurations. If available, use OpenStack Audit (Cadf) logging to correlate API changes with specific user accounts and timestamps.
Why prioritize this
This vulnerability merits prompt but not emergency attention. The MEDIUM CVSS score combined with high privilege requirements places it below critical vulnerabilities, but the integrity impact (rating H in the vector) and potential for scope expansion justify priority over lower-severity issues. Organizations should prioritize patching within their standard maintenance cycles—typically 30 to 90 days—balancing against more critical vulnerabilities that require immediate response. For environments with strong separation of duties and credential hygiene, the risk is somewhat lower; for environments with lax administrative access controls, prioritize this higher.
Risk score, explained
The CVSS v3.1 score of 5.8 reflects: Network-accessible attack vector (AV:N) indicating remote exploitability; High attack complexity (AC:H) because the attacker must first obtain administrative credentials; High privilege requirements (PR:H) requiring operator or admin role; No user interaction required (UI:N); Changed scope (S:C) because a compromised node can potentially affect other systems or services in the environment; No direct confidentiality impact (C:N); High integrity impact (I:H) due to unauthorized boot script injection; and No availability impact (A:N). The cumulative effect is a moderate-severity finding that requires administrative compromise but has meaningful integrity and scope implications.
Frequently asked questions
Who can exploit this vulnerability?
An attacker must have valid credentials with permissions to modify Ironic node objects—typically an administrative user, cloud operator, or a service account with baremetal provisioning authority. This is not a vulnerability that can be exploited by unprivileged users or external attackers without first compromising a privileged account.
What happens if my Ironic nodes are compromised via this vulnerability?
A malicious iPXE script can be injected and executed during the node's boot process, before the operating system loads. This could allow an attacker to install rootkits, bypass OS security settings, steal credentials, or establish persistent backdoors. The compromise occurs at a very low level in the boot chain, making it difficult to detect and remediate.
Do I need to patch immediately?
No; this is a MEDIUM-severity vulnerability that requires administrative credentials to exploit. You should apply the patch within your standard maintenance windows—typically 30 to 90 days. However, if you have concerns about insider threats or if your administrative credentials are not well-protected, consider prioritizing this patch sooner.
What should I do while waiting to patch?
Audit and restrict who has permissions to modify node driver_info and instance_info fields. Implement strong access controls, credential rotation, and logging for administrative actions. Monitor your Ironic API logs for suspicious node configuration changes. Consider temporarily disabling iPXE boot for non-critical nodes if feasible, or limiting boot configuration changes to a narrow set of trusted users.
This analysis is based on CVE-2026-46447 as published on 2026-06-03 and last modified on 2026-06-17. CVSS scores and vendor information are derived from authoritative sources; however, organizations should verify patch version numbers and availability against official OpenStack Ironic release notes and security advisories before implementation. This vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. No active exploitation has been reported, but absence of KEV listing does not guarantee absence of threat. SEC.co does not provide legal, compliance, or procurement advice; consult your security and procurement teams regarding patch deployment timelines and regulatory obligations. Always test patches in non-production environments before production deployment. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-44917MEDIUMOpenStack Ironic Local File Read via PXE Template (CVSS 4.9)
- CVE-2026-42998MEDIUMOpenStack Keystone Application Credential Authentication Bypass
- CVE-2026-42999MEDIUMOpenStack Keystone RBAC Bypass via JSON Request Body Injection
- CVE-2026-43000MEDIUMOpenStack Keystone Privilege Escalation via Application Credential Impersonation
- CVE-2026-44394MEDIUMOpenStack Keystone Federated Token Rescoping Bypass – MEDIUM Severity
- CVE-2026-48681MEDIUMOpenStack Ironic Directory Traversal File Overwrite (MEDIUM)
- CVE-2018-25384MEDIUMStored XSS in Wikidforum 2.20 Allows Authenticated Attackers to Inject Malicious Scripts
- CVE-2018-25387MEDIUMHaPe PKH 1.1 Cross-Site Request Forgery (CSRF) Admin Password Reset