CVE-2026-48681

🗓️ 04 Jun 2026 00:00:00Reported by mitreType

CVE-2026-48681: OpenStack Ironic prior to 35.0.2 allows file overwrite via directory traversal during deployment with crafted image.

Reporter	Title	Published	Views	Family All 19
ATTACKERKB	CVE-2026-48681	4 Jun 202600:00	–	attackerkb
Circl	CVE-2026-48681	3 Jun 202617:24	–	circl
CNNVD	OpenStack Ironic 安全漏洞	4 Jun 202600:00	–	cnnvd
CVE	CVE-2026-48681	4 Jun 202600:00	–	cve
Debian	[SECURITY] [DSA 6341-1] ironic security update	11 Jun 202618:49	–	debian
Debian CVE	CVE-2026-48681	4 Jun 202600:00	–	debiancve
Tenable Nessus	Debian dsa-6341 : ironic-api - security update	11 Jun 202600:00	–	nessus
Tenable Nessus	Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Ironic vulnerabilities (USN-8421-1)	12 Jun 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-48681	3 Jun 202600:00	–	nessus
EUVD	EUVD-2026-34203	4 Jun 202600:00	–	euvd

[
  {
    "defaultStatus": "unaffected",
    "product": "Ironic",
    "vendor": "OpenStack",
    "versions": [
      {
        "lessThan": "26.1.7",
        "status": "affected",
        "version": "17.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "29.0.6",
        "status": "affected",
        "version": "27.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "32.0.2",
        "status": "affected",
        "version": "30.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "35.0.2",
        "status": "affected",
        "version": "33.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
openwall	www.openwall.com/lists/oss-security/2026/06/03/12
bugs	www.bugs.launchpad.net/ironic/+bug/2148333

04 Jun 2026 03:27Current

CVSS 3.15.9

EPSS0.00625

CWE-23