CVE-2026-44916

🗓️ 08 May 2026 06:38:37Reported by mitreType

CVE-2026-44916: OpenStack Ironic through 35.x renders instance_info['ks_template'] without sandboxing.

Reporter	Title	Published	Views	Family All 14
ATTACKERKB	CVE-2026-44916	8 May 202606:38	–	attackerkb
Circl	CVE-2026-44916	8 May 202609:15	–	circl
CNNVD	OpenStack Ironic 安全漏洞	8 May 202600:00	–	cnnvd
Cvelist	CVE-2026-44916	8 May 202606:38	–	cvelist
Debian CVE	CVE-2026-44916	8 May 202606:38	–	debiancve
EUVD	EUVD-2026-28531	8 May 202609:31	–	euvd
NVD	CVE-2026-44916	8 May 202607:16	–	nvd
OSV	DEBIAN-CVE-2026-44916	8 May 202607:16	–	osv
OSV	UBUNTU-CVE-2026-44916	8 May 202607:16	–	osv
Positive Technologies	PT-2026-38679	8 May 202600:00	–	ptsecurity

Vulners

CNA

Node

openstack ironicRange17.0.0–26.1.7

openstack ironicRange27.0.0–29.0.6

openstack ironicRange30.0.0–32.0.2

openstack ironicRange33.0.0–35.0.2

[
  {
    "defaultStatus": "unaffected",
    "product": "Ironic",
    "vendor": "OpenStack",
    "versions": [
      {
        "lessThan": "26.1.7",
        "status": "affected",
        "version": "17.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "29.0.6",
        "status": "affected",
        "version": "27.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "32.0.2",
        "status": "affected",
        "version": "30.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "35.0.2",
        "status": "affected",
        "version": "33.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
security	www.security.openstack.org/ossa/OSSA-2026-012.html
bugs	www.bugs.launchpad.net/ironic/+bug/2148307
openwall	www.openwall.com/lists/oss-security/2026/05/11/7

20 May 2026 16:16Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.13

EPSS0.00011

SSVC

CWE-1336