CVE-2026-43003 Overview
CVE-2026-43003 affects OpenStack ironic-python-agent (IPA) versions 1.0.0 through 11.5.0. The Ironic Python Agent runs grub-install from within a chroot of the deployed partition image during bare-metal provisioning. A malicious image supplied to the deployment workflow can place attacker-controlled binaries that execute when IPA enters the chroot. This results in code execution within the deployment ramdisk context.
The issue is tracked under CWE-829: Inclusion of Functionality from Untrusted Control Sphere. Operators running OpenStack Ironic for bare-metal provisioning should review user-supplied image sources before applying patches.
Critical Impact
A malicious partition image can achieve code execution inside the IPA ramdisk during the EFI bootloader installation step, compromising the provisioning host.
Affected Products
- OpenStack ironic-python-agent 1.0.0 through 11.5.0
- Bare-metal deployment workflows using EFI partition images
- OpenStack Ironic deployments accepting tenant-supplied images
Discovery Timeline
- 2026-05-01 - CVE-2026-43003 published to NVD
- 2026-05-04 - Last updated in NVD database
Technical Details for CVE-2026-43003
Vulnerability Analysis
Ironic Python Agent provisions bare-metal nodes by writing a partition image to disk and configuring the bootloader. During EFI setup, IPA enters a chroot into the deployed partition and invokes grub-install from within that chroot. The grub-install binary, along with its supporting libraries and configuration, originates from the partition image rather than the trusted ramdisk.
When a tenant or upstream source supplies a malicious image, that image controls every binary executed inside the chroot. The IPA ramdisk runs with elevated privileges on the provisioning host, so any payload triggered through grub-install inherits those privileges. The relevant logic resides in efi_utils.py around lines 134-139, as documented in the GitHub Code Review.
Root Cause
The root cause is a trust boundary violation. IPA treats binaries inside the deployed image as safe enough to execute during provisioning. The chroot does not sanitize or validate the executables it runs. An attacker controlling the partition image controls the grub-install execution path.
Attack Vector
An attacker must supply a malicious partition image to the Ironic deployment pipeline. This requires authenticated access to upload images or compromise of an upstream image source. Once the image deploys, IPA enters the chroot and executes the attacker-staged grub-install, achieving code execution on the deployment ramdisk. Refer to the Launchpad Bug Report for additional context.
Detection Methods for CVE-2026-43003
Indicators of Compromise
- Unexpected child processes spawned by ironic-python-agent during the EFI bootloader installation phase
- Modified or non-standard grub-install binaries within tenant-supplied partition images
- Outbound network connections originating from the IPA ramdisk during provisioning
- Anomalous filesystem writes outside the chroot target during deployment
Detection Strategies
- Audit IPA deployment logs for grub-install invocations and capture the full process tree under the chroot
- Validate cryptographic hashes of grub-install and supporting libraries inside images before deployment
- Compare expected EFI provisioning durations and command sequences against observed runs to flag deviations
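One way to implement the hash-validation step above, as an added example that is not IPA or Ironic code: a Python check that hashes the bootloader files inside an extracted or read-only-mounted partition image root and compares them with an allowlist recorded once from the operator's golden image, reporting modified, missing and unexpected files (including symlinks that redirect grub-install). The bootloader path list and the sample image contents are constructed assumptions.

```python
import hashlib, os, tempfile
from pathlib import Path

# Image-relative locations the chroot grub-install step executes or loads.
# Assumed for this example; derive the real list from the golden image's distro.
BOOTLOADER_PATHS = ("usr/sbin/grub-install", "usr/lib/grub")

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def collect_hashes(image_root: Path) -> dict[str, str]:
    """Map image-relative path -> sha256 for files under BOOTLOADER_PATHS.
    Symlinks are recorded as 'symlink:<target>' rather than followed."""
    found = {}
    for rel in BOOTLOADER_PATHS:
        top = image_root / rel
        if top.is_symlink():
            found[rel] = "symlink:" + os.readlink(top)
        elif top.is_file():
            found[rel] = sha256_file(top)
        elif top.is_dir():
            for dirpath, _dirs, files in os.walk(top, followlinks=False):
                for name in files:
                    p = Path(dirpath) / name
                    key = str(p.relative_to(image_root))
                    found[key] = "symlink:" + os.readlink(p) if p.is_symlink() else sha256_file(p)
    return found

def verify_image(image_root: Path, allowlist: dict[str, str]) -> list[str]:
    """Return findings (an empty list means the image passes)."""
    seen = collect_hashes(image_root)
    findings = [f"missing: {r}" for r in allowlist if r not in seen]
    findings += [f"modified: {r}" for r, h in allowlist.items() if r in seen and seen[r] != h]
    findings += [f"unexpected: {r}" for r in seen if r not in allowlist]
    return sorted(findings)

def demo() -> tuple[list[str], list[str]]:
    """Constructed sample: a golden image root and a tampered copy of it."""
    root = Path(tempfile.mkdtemp())
    golden, bad = root / "golden", root / "tampered"
    for img in (golden, bad):
        (img / "usr/sbin").mkdir(parents=True)
        (img / "usr/lib/grub/x86_64-efi").mkdir(parents=True)
        (img / "usr/sbin/grub-install").write_bytes(b"\x7fELF golden grub-install")
        (img / "usr/lib/grub/x86_64-efi/normal.mod").write_bytes(b"golden module")
    allowlist = collect_hashes(golden)  # recorded once from the trusted image
    (bad / "usr/sbin/grub-install").write_bytes(b"\x7fELF attacker-staged binary")
    (bad / "usr/lib/grub/x86_64-efi/evil.mod").write_bytes(b"dropped payload")
    return verify_image(golden, allowlist), verify_image(bad, allowlist)
```

Run the check against the image root before Ironic is allowed to deploy it; any non-empty findings list should block the deployment and be logged alongside the image's provenance metadata.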
Monitoring Recommendations
- Forward IPA conductor and ramdisk logs to a centralized logging platform for behavioral baselining
- Alert on process executions inside provisioning chroots that deviate from approved bootloader binaries
- Track image provenance metadata and flag deployments using images from unverified sources
How to Mitigate CVE-2026-43003
Immediate Actions Required
- Restrict image upload privileges in OpenStack Glance to trusted operators only
- Inventory all ironic-python-agent versions in use and prioritize upgrades for versions 1.0.0 through 11.5.0
- Audit recent bare-metal deployments for signs of unauthorized code execution on provisioning hosts
Patch Information
No fixed version is listed in the NVD record at the time of publication. Operators should monitor the Launchpad Bug Report and the OpenStack ironic-python-agent repository for the official remediation. The fix is expected to avoid executing grub-install from within the deployed image chroot.
Workarounds
- Limit Ironic image sources to a curated, signed set of operator-controlled images
- Disable EFI bootloader provisioning paths where feasible and use BIOS or netboot alternatives
- Apply image signature verification in Glance to prevent unsigned or untrusted images from reaching Ironic
- Isolate provisioning networks to contain potential post-exploitation activity from compromised ramdisks
# Configuration example: enforce signed image verification
# Note: verify_glance_signatures is consumed by Nova, not by the Glance service,
# so it belongs in the [glance] section of nova.conf. Glance itself restricts
# how images enter the service via enabled_import_methods (a bracketed list,
# without quotes around the entries).
# /etc/nova/nova.conf
[glance]
verify_glance_signatures = True

# /etc/glance/glance-api.conf
[DEFAULT]
enabled_import_methods = [glance-direct]
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


