CVE-2026-48681

Published: Giu 04, 2026 Last Modified: Giu 04, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,9
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: high
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: none

Description

AI Translation Available

OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image.

23

Relative Path Traversal

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Execute Unauthorized Code Or Commands Modify Files Or Directories Read Files Or Directories Dos: Crash, Exit, Or Restart
Applicable Platforms
Technologies: Not Technology-Specific, Web Based, AI/ML
View CWE Details
https://bugs.launchpad.net/ironic/+bug/2148333
https://bugs.launchpad.net/ironic/+bug/2148333
https://www.openwall.com/lists/oss-security/2026/06/03/12
https://www.openwall.com/lists/oss-security/2026/06/03/12