
OpenStack Ironic CVE-2026-44919

EUVD ID: EUVD-2026-30209 · MEDIUM
Weakness: Incorrect Behavior Order (CWE-696)
2026-05-14 · mitre · GHSA-4g73-w726-53h3
CVSS 3.1 (NVD): 6.5

Severity by source

NVD (primary): 6.5 MEDIUM, AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD; the only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

CVSS changed (NVD, Jun 18, 2026 03:38): 4.3 (MEDIUM) -> 6.5 (MEDIUM)
Analysis generated (vuln.today, Jun 08, 2026 10:48)

Description (NVD)

In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL.

Analysis (AI-generated)

Infinite loop denial-of-service in OpenStack Ironic's image handling allows low-privileged authenticated attackers to exhaust conductor resources by supplying file:///dev/zero as an image URL, triggering unbounded checksum calculations that never terminate. All Ironic versions from 0 through 35.x prior to commit a3f6d73 are affected. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Access: Authenticate to the Ironic API with low-privileged credentials
Delivery: Submit an image provisioning request with file:///dev/zero as the image URL
Exploit: The conductor accepts the request and initiates checksum computation
Execution: /dev/zero returns null bytes without end, so no EOF is ever reached
Persist: The checksum loop never terminates, consuming conductor resources
Impact: Bare-metal provisioning availability is degraded for all users
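As an added defensive illustration (not Ironic's code and not the upstream fix at a3f6d73), the two checks that close the loop described above: refuse a file:// source that is not a regular file, and cap the number of bytes fed into the hash so a source that never reaches EOF fails instead of spinning. The EndlessZeros class is a constructed stand-in for /dev/zero so the block runs offline.

```python
import hashlib
import os
import stat
import tempfile

class EndlessZeros:
    """Constructed stand-in for /dev/zero: read() never returns b"" (no EOF)."""
    def read(self, n=-1):
        return b"\x00" * (n if n > 0 else 65536)
class ImageSizeExceeded(Exception):
    pass
def bounded_checksum(stream, max_bytes, algo="sha256", chunk_size=65536):
    """Hash a stream, aborting once more than max_bytes have been consumed."""
    # A source that never reaches EOF (device nodes, FIFOs) would otherwise
    # keep this loop alive forever; the byte cap turns that into an error.
    h = hashlib.new(algo)
    seen = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:  # EOF: only a finite source ever gets here
            break
        seen += len(chunk)
        if seen > max_bytes:
            raise ImageSizeExceeded(f"more than {max_bytes} bytes read")
        h.update(chunk)
    return h.hexdigest()

def checksum_local_image(path, max_bytes):
    """Refuse anything that is not a regular file before hashing a file:// source."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise ValueError(f"{path} is not a regular file")
    with open(path, "rb") as f:
        return bounded_checksum(f, max_bytes)

def demo():
    # Constructed sample image in a temp file, then the never-ending source.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"fake-image-bytes" * 1000)
        path = tmp.name
    try:
        good = checksum_local_image(path, max_bytes=1 << 20)
    finally:
        os.unlink(path)
    try:
        bounded_checksum(EndlessZeros(), max_bytes=1 << 20)
        capped = False
    except ImageSizeExceeded:
        capped = True
    return good, capped
```

The same cap belongs on remote (http/https) image fetches as well, where a server can stream without a Content-Length just as a device node does.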

Vulnerability Assessment (AI-generated)

Exploitation: Low-privileged authenticated access to the OpenStack Ironic API is required (CVSS PR:L); unauthenticated exploitation is not possible. …

Risk Assessment: CVSS 4.3 Medium with vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L places this as network-reachable but requiring low-privileged credentials, with only partial availability impact. …

Exploit Scenario: An attacker holding a low-privileged OpenStack account submits a bare-metal provisioning request to the Ironic API, specifying file:///dev/zero as the image URL. The Ironic conductor accepts the request and begins computing a checksum against /dev/zero, which returns null bytes indefinitely. …

Remediation: The upstream fix is available at commit a3f6d735ac3642ab95b49142c7305f072ae748d0 (https://opendev.org/openstack/ironic/commit/a3f6d735ac3642ab95b49142c7305f072ae748d0); operators should apply this commit or upgrade to a downstream distribution package that includes it. …



CVE-2026-44919 vulnerability details – vuln.today
