CVE-2026-44917
MEDIUMDescription
OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_template.
Is your site exposed to CVE-2026-44917?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| openstack | ironic |
| openstack | ironic |
| openstack | ironic |
| openstack | ironic |
References
Frequently Asked Questions
What is CVE-2026-44917? +
How severe is CVE-2026-44917? +
What products are affected by CVE-2026-44917? +
How do I check if I'm vulnerable to CVE-2026-44917? +
Related Vulnerabilities
Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable …
mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the …
Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if …
An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that …
Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides …
Inappropriate implementation in AI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process …