Home

Description

In OpenStack Ironic through 35.x, instance_info['ks_template'] is rendered without sandboxing.

PUBLISHED Reserved 2026-05-08 | Published 2026-05-08 | Updated 2026-05-08 | Assigner mitre




LOW: 3.0CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

Problem types

CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine

Product status

Default status
unknown

Any version
affected

References

bugs.launchpad.net/ironic/+bug/2148307

cve.org (CVE-2026-44916)

nvd.nist.gov (CVE-2026-44916)

Download JSON