CVE-2026-48681
MEDIUMDescription
OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image.
Is your site exposed to CVE-2026-48681?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| openstack | ironic |
| openstack | ironic |
| openstack | ironic |
| openstack | ironic |
References
Frequently Asked Questions
What is CVE-2026-48681? +
How severe is CVE-2026-48681? +
What products are affected by CVE-2026-48681? +
How do I check if I'm vulnerable to CVE-2026-48681? +
Related Vulnerabilities
Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application …
Relative path traversal vulnerability in MicroRealEstate file upload functionality allows attackers to potentially overwrite system files. This issue affects MicroRealEstate: …
The API used to interact with documents in the application contains a flaw that allows an authenticated attacker to read …
Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, …
Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the `$target` parameter in `/controller.php` was not …
If exploited an attacker could traverse the file system to access files or directories that would otherwise be inaccessible