CVE-2026-44916 Overview
CVE-2026-44916 affects OpenStack Ironic, the bare metal provisioning service, in versions before 35.0.2. The flaw resides in how Ironic renders instance_info['ks_template'] without applying a sandbox to the template engine. An attacker with high privileges and access to a non-default configuration can supply template content that the rendering engine evaluates without restrictions. The issue maps to CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine.
Critical Impact
Authenticated users in specific non-default Ironic deployments can inject template expressions that the engine evaluates outside a sandbox, leading to limited information disclosure across a scope boundary.
Affected Products
- OpenStack Ironic versions prior to 35.0.2
- Deployments using the non-default ks_template configuration in instance_info
- Bare metal provisioning environments built on the affected Ironic releases
Discovery Timeline
- 2026-05-08 - CVE-2026-44916 published to the National Vulnerability Database
- 2026-05-11 - Disclosure published on the Openwall oss-security mailing list
- 2026-05-12 - Last updated in NVD database
Technical Details for CVE-2026-44916
Vulnerability Analysis
OpenStack Ironic uses templates to generate kickstart configurations during bare metal provisioning. The instance_info['ks_template'] field accepts a template that the service renders before delivering it to a node being deployed. In affected versions, Ironic renders this template without enabling the sandboxed environment normally used to constrain template execution. Without sandboxing, template syntax can reach Python attributes and methods that the template engine would otherwise block. The vulnerability requires the deployment to use a specific non-default configuration that exposes ks_template rendering to user-supplied content.
Root Cause
The root cause is the absence of a sandboxed template environment when rendering user-controlled input. Template engines such as Jinja2 provide a SandboxedEnvironment class that restricts access to unsafe attributes and callables. Ironic instantiated an unrestricted environment for ks_template content, allowing template expressions to traverse object attributes during rendering [CWE-1336].
Attack Vector
Exploitation requires network access to the Ironic API and high-privilege credentials capable of setting instance_info on a node. The attacker submits a crafted ks_template value containing template directives that exercise unsandboxed features when Ironic renders the kickstart file. The scope changes during exploitation because rendering occurs in the Ironic service context, while the template originates from a user-controlled node configuration. The Exploit Prediction Scoring System lists the vulnerability with a very low probability of near-term exploitation, consistent with the high privilege and configuration prerequisites.
No verified public exploit code is available. Refer to the Launchpad bug report and the Openwall oss-security advisory for the maintainer discussion of the rendering path.
Detection Methods for CVE-2026-44916
Indicators of Compromise
- Unexpected template syntax such as {{ ... }} or {% ... %} within instance_info['ks_template'] values stored against Ironic nodes
- Ironic conductor log entries showing template rendering errors or attribute access during kickstart generation
- Node updates from accounts not normally responsible for provisioning workflows
Detection Strategies
- Audit stored node records for ks_template content and flag values containing template control structures referencing object attributes or built-ins
- Correlate Ironic API requests that modify instance_info with the identity of the calling user and the time of node deployment
- Compare deployed kickstart output against the submitted template to identify unexpected substitutions
Monitoring Recommendations
- Forward Ironic API and conductor logs to a centralized analytics platform and alert on ks_template modifications outside change windows
- Track use of the non-default configuration that enables user-supplied ks_template rendering and restrict it to required environments
- Monitor privileged OpenStack accounts for unusual node creation or update patterns
How to Mitigate CVE-2026-44916
Immediate Actions Required
- Upgrade OpenStack Ironic to version 35.0.2 or later, where ks_template is rendered inside a sandboxed environment
- Inventory deployments to identify whether the non-default configuration permitting user-supplied ks_template rendering is enabled
- Restrict the OpenStack roles that can set instance_info fields on Ironic nodes to a minimum set of operators
Patch Information
The fix ships in OpenStack Ironic 35.0.2. The upstream change introduces sandboxing around the ks_template rendering path so that template expressions cannot reach unsafe attributes or callables. Operators tracking long-term support branches should consult the Launchpad bug report for backport status.
Workarounds
- Disable the non-default configuration that permits user-supplied ks_template rendering until the patched release is deployed
- Enforce policy controls in policy.yaml so that only trusted service accounts may modify instance_info on bare metal nodes
- Validate and reject ks_template content containing template control structures before it reaches the Ironic API
# Configuration example: restrict instance_info updates in Ironic policy.yaml
"baremetal:node:update_instance_info": "role:admin and project_id:%(project_id)s"
# Verify the installed Ironic version is at or above 35.0.2
pip show ironic | grep -i version
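As an added example, not Ironic's own code and not part of the advisory, the following Python implements the audit described under Detection Strategies and the pre-API validation listed under Workarounds: it scans ks_template values for Jinja2 control structures, escalates when an expression references a dunder attribute such as __class__ (the attribute traversal an unsandboxed engine permits), and offers a strict mode that rejects any template syntax at all. The node records are constructed, and the ks_options variable is assumed to follow Ironic's kickstart template convention rather than taken from the page.

```python
import re
from typing import Dict, List

# Jinja2 delimiters as used in Ironic kickstart templates.
_EXPR = re.compile(r"\{\{.*?\}\}", re.S)
_STMT = re.compile(r"\{%.*?%\}", re.S)
# Dunder references ({{ x.__class__ }}, {{ x['__dict__'] }}) are the tokens an
# unsandboxed engine resolves and a SandboxedEnvironment refuses.
_DUNDER = re.compile(r"__\w+__")


def scan_ks_template(value: str) -> Dict[str, object]:
    """Report which template constructs a ks_template contains and a severity."""
    exprs = _EXPR.findall(value)
    stmts = _STMT.findall(value)
    # Only code inside delimiters is evaluated; a %post script mentioning
    # __init__ in plain kickstart text is not a template expression.
    inner = " ".join(exprs + stmts)
    dunders = sorted(set(_DUNDER.findall(inner)))
    if dunders:
        severity = "high"
    elif exprs or stmts:
        severity = "info"
    else:
        severity = "none"
    return {"expressions": len(exprs), "statements": len(stmts),
            "dunders": dunders, "severity": severity}


def validate_ks_template(value: str, strict: bool) -> bool:
    """Pre-API gate. strict=True rejects any control structure (the workaround
    above); strict=False rejects only attribute-traversing templates, which
    keeps ordinary {{ ks_options.* }} substitutions (assumed name) usable."""
    severity = scan_ks_template(value)["severity"]
    return severity == "none" if strict else severity != "high"


def audit_nodes(nodes: List[dict]) -> List[dict]:
    """Walk stored node records and list those whose ks_template needs review."""
    flagged = []
    for node in nodes:
        tpl = node.get("instance_info", {}).get("ks_template")
        if tpl is None:
            continue
        result = scan_ks_template(tpl)
        if result["severity"] != "none":
            flagged.append({"uuid": node["uuid"], **result})
    return flagged


# Constructed sample records shaped like a node's instance_info section.
SAMPLE_NODES = [
    {"uuid": "node-a", "instance_info": {"ks_template": "liveimg --url={{ ks_options.liveimg_url }}\n%packages\n@core\n%end"}},
    {"uuid": "node-b", "instance_info": {"ks_template": "{{ ks_options.__class__.__dict__ }}"}},
    {"uuid": "node-c", "instance_info": {"image_source": "file:///images/base.qcow2"}},
]

if __name__ == "__main__":
    for finding in audit_nodes(SAMPLE_NODES):
        print(finding)
```

Node records exported from the Ironic API (for example a JSON dump of node listings) can be fed to audit_nodes as-is; "info" findings are expected wherever legitimate templating is in use, while "high" findings warrant review of the calling identity and change window.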
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.