EUVD-2026-26489
GHSA-rmxr-45gj-889w
CVSS VectorNVD
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionNVD
An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition image, leading to code execution in the case of a malicious image.
AnalysisAI
Code execution in OpenStack Ironic Python Agent 1.0.0-11.5.0 occurs when the service executes grub-install within a chroot of a deployed partition image, allowing attackers with write access to deployment images to run arbitrary code on the bare-metal provisioning infrastructure. The attack requires adjacent network access, low privileges, and high complexity (CVSS 8.0, AV:A/AC:H/PR:L), with changed scope indicating the vulnerability breaks trust boundaries between tenant workloads and the provisioning layer. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all OpenStack Ironic deployments and document current Python Agent versions in use; restrict write access to deployment images to only authorized administrators and disable unnecessary image modification workflows. Within 7 days: Evaluate vendor mitigation guidance and implement network segmentation to limit adjacent network access to Ironic services; implement monitoring for unusual grub-install invocations or chroot operations. …
Sign in for detailed remediation steps.
More from same product – last 7 days
Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr
Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers
Vendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today