CVE-2026-48681

NameCVE-2026-48681
DescriptionOpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-6341-1
Debian Bugs1138842

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ironic (PTS)bullseye1:16.0.3-1vulnerable
bookworm1:21.1.0-3vulnerable
bookworm (security)1:21.4.4-0+deb12u1fixed
trixie1:29.0.0-7vulnerable
trixie (security)1:29.0.5-0+deb13u2fixed
forky, sid1:35.0.1-5vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ironicsourcebookworm1:21.4.4-0+deb12u1DSA-6341-1
ironicsourcetrixie1:29.0.5-0+deb13u2DSA-6341-1
ironicsource(unstable)(unfixed)1138842

Notes

https://www.openwall.com/lists/oss-security/2026/06/03/12
https://bugs.launchpad.net/ironic/+bug/2148333
Search for package or bug name: Reporting problems