Home
LOW: 3.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:NDefault status
unaffected
17.0.0 (semver) before 26.1.7
affected
27.0.0 (semver) before 29.0.6
affected
30.0.0 (semver) before 32.0.2
affected
33.0.0 (semver) before 35.0.2
affected
Description
In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing.
Problem types
CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine
Product status
17.0.0 (semver) before 26.1.7
27.0.0 (semver) before 29.0.6
30.0.0 (semver) before 32.0.2
33.0.0 (semver) before 35.0.2
References
www.openwall.com/lists/oss-security/2026/05/11/7
bugs.launchpad.net/ironic/+bug/2148307
security.openstack.org/ossa/OSSA-2026-012.html