CVE-2026-48681

MEDIUM

Openstack Ironic - Relative Path Traversal

Title source: rule

OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image.

Core 3

Core References

Mailing List

CVSS v3 5.9

EPSS 0.0063

EPSS Percentile 45.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

CWE

CWE-23

Status published

Products (5)

OpenStack/Ironic 17.0.0 - 26.1.7

openstack/ironic 17.0.0 - 26.1.7

OpenStack/Ironic 27.0.0 - 29.0.6

OpenStack/Ironic 30.0.0 - 32.0.2

OpenStack/Ironic 33.0.0 - 35.0.2

Published Jun 04, 2026

Tracked Since Jun 04, 2026