CVE-2026-44917 Overview
CVE-2026-44917 is a local file disclosure vulnerability affecting OpenStack Ironic versions prior to 35.0.2. The flaw allows an authenticated project administrator or manager to read arbitrary local files on the Ironic conductor host by abusing the pxe_template parameter. The issue maps to CWE-669 (Incorrect Resource Transfer Between Spheres), where data crosses trust boundaries without sufficient validation. Exploitation requires valid privileged credentials but no user interaction, and it exposes sensitive configuration material such as service credentials, private keys, and conductor configuration files.
Critical Impact
Authenticated project admins or managers can read sensitive files on the Ironic conductor, including credentials and keys that may enable broader compromise of the OpenStack control plane.
Affected Products
- OpenStack Ironic versions prior to 35.0.2
- Deployments exposing the Ironic conductor API to project admins or managers
- OpenStack environments using PXE-based bare metal provisioning workflows
Discovery Timeline
- 2026-06-04 - CVE-2026-44917 published to NVD
- 2026-06-04 - Last updated in NVD database
Technical Details for CVE-2026-44917
Vulnerability Analysis
OpenStack Ironic is the bare metal provisioning service in OpenStack. The conductor component manages hardware enrollment, deployment, and lifecycle operations, including the rendering of PXE (Preboot Execution Environment) configuration files used to boot nodes over the network.
The vulnerability resides in how Ironic handles the pxe_template parameter. A user with project admin or manager privileges can supply a template path that the conductor reads from the local file system. Because the conductor does not adequately restrict the resource referenced by pxe_template, the template loader returns content from arbitrary local files instead of an approved template directory.
The disclosed content is exposed through the deployment workflow or returned via API responses tied to the affected node. Files commonly readable by the Ironic service user include /etc/ironic/ironic.conf, keystone credentials, TLS private keys, and IPMI credentials stored in node driver_info.
Root Cause
The root cause is improper containment of an externally controlled file path. The pxe_template field is treated as a trusted operator-supplied value, but the API permits project admins and managers to set it. Without canonicalization or an allow-list of template directories, the conductor reads any file accessible to its service account, violating the boundary between project tenants and the underlying conductor host.
Attack Vector
The attacker authenticates to the OpenStack API with a project admin or manager role and sets the pxe_template attribute on a node to point at a sensitive file path on the conductor. When the conductor processes the node, it reads the referenced file and incorporates its contents into the PXE rendering pipeline, exposing the data to the attacker. No network-level exploitation primitive or memory corruption is involved. The attack relies entirely on misuse of a legitimate API field.
No proof-of-concept is included here because no verified exploit code is publicly available. Refer to Launchpad Bug Report #2148319 and the Openwall OSS Security Mailing List for the upstream technical discussion.
Detection Methods for CVE-2026-44917
Indicators of Compromise
- Ironic node create or update API calls where pxe_template is set to a path outside the standard template directory, for example a file directly under /etc/ironic/ or anywhere under /root/.
- Unexpected reads of sensitive files by the Ironic conductor service account in host audit logs.
- Node provisioning operations initiated by project admin or manager accounts that do not own the targeted hardware.
Detection Strategies
- Audit Ironic API logs for PATCH and POST requests against /v1/nodes that modify pxe_template and flag values that do not match an approved allow-list.
- Enable Linux auditd rules on the conductor host to monitor open() and openat() syscalls by the ironic user against sensitive paths.
- Correlate keystone authentication events for project admin and manager roles with Ironic node modifications to identify anomalous workflows.
Monitoring Recommendations
- Forward Ironic conductor and API logs to a centralized SIEM and alert on pxe_template values that contain the .. traversal sequence, that are absolute paths outside /etc/ironic/templates/, or that reference credential files.
- Track the rate of node updates per project admin and alert on bursts that may indicate enumeration of conductor files.
- Rotate and monitor any credentials stored in ironic.conf or node driver_info for use from unexpected source addresses.
How to Mitigate CVE-2026-44917
Immediate Actions Required
- Upgrade OpenStack Ironic to version 35.0.2 or later on all conductor and API nodes.
- Review existing nodes for non-default pxe_template values and reset them to approved templates.
- Rotate any credentials, keys, or secrets readable by the Ironic service account that may have been exposed.
- Restrict the project admin and manager roles to trusted operators until patches are applied.
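The following Python script is an added example, not code from Ironic or from this advisory. It ties together the root cause (an externally controlled template path that is never canonicalized against an allow-list), the detection and monitoring guidance above (flagging pxe_template updates in API logs and spotting bursts from one account), and the first remediation step (reviewing existing nodes for non-default pxe_template values). The allowed template directory, the JSON Patch field names, the shape of the log records and of the node dictionaries, and all sample values are assumptions constructed for the example; the containment check is the same one a hardened loader would apply before opening a template.

```python
"""Added example (not Ironic's code): path-containment check for template
paths, triage of constructed Ironic API log records for risky pxe_template
values, and a review of node driver_info for non-default templates."""
import json
import os
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Allow-listed template roots. The set below is an assumption for this example;
# match it to the directories your conductor actually loads templates from.
ALLOWED_TEMPLATE_DIRS = ("/etc/ironic/templates",)

# JSON Patch paths under which the field may appear. Assumed for this example.
PXE_TEMPLATE_FIELDS = ("/driver_info/pxe_template", "/pxe_template")


def is_allowed_template_path(path: str, allowed_dirs=ALLOWED_TEMPLATE_DIRS) -> bool:
    """Return True only if the lexically normalized absolute path is inside one
    of the allowed roots. normpath() collapses '..' and '.' segments, so a value
    such as '/etc/ironic/templates/../ironic.conf' resolves to its real target
    before the prefix test. On the conductor host itself, os.path.realpath()
    should be applied as well so symlinks cannot escape the root."""
    if not path or not os.path.isabs(path):
        return False
    resolved = os.path.normpath(path)
    for root in allowed_dirs:
        root = os.path.normpath(root)
        if resolved == root or resolved.startswith(root + os.sep):
            return True
    return False


def classify_template_value(value: str) -> str:
    """Return '' for an acceptable value, otherwise a short reason string."""
    if ".." in value.split("/"):
        return "path traversal segment"
    if not is_allowed_template_path(value):
        return "outside allowed template directories"
    return ""


# Constructed log records (one JSON object per line) in the shape a SIEM might
# hold after ingesting Ironic API requests with their JSON Patch bodies. These
# are made-up samples, not real Ironic log output.
SAMPLE_API_LOG = [
    '{"time":"2026-06-05T10:00:01Z","method":"PATCH","url":"/v1/nodes/node-01","user":"ops-admin","project":"infra","body":[{"op":"add","path":"/driver_info/pxe_template","value":"/etc/ironic/templates/custom.template"}]}',
    '{"time":"2026-06-05T10:02:17Z","method":"PATCH","url":"/v1/nodes/node-02","user":"tenant-mgr","project":"team-a","body":[{"op":"add","path":"/driver_info/pxe_template","value":"/etc/ironic/templates/../ironic.conf"}]}',
    '{"time":"2026-06-05T10:02:19Z","method":"PATCH","url":"/v1/nodes/node-02","user":"tenant-mgr","project":"team-a","body":[{"op":"replace","path":"/driver_info/pxe_template","value":"/etc/ironic/ironic.conf"}]}',
    '{"time":"2026-06-05T10:03:00Z","method":"PATCH","url":"/v1/nodes/node-03","user":"ops-admin","project":"infra","body":[{"op":"replace","path":"/name","value":"rack7-blade2"}]}',
    'not json at all',
]


def flag_pxe_template_updates(log_lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Scan API log records for PATCH/POST requests against /v1/nodes that set
    pxe_template to a risky value. Returns (user, value, reason) tuples."""
    findings = []
    for line in log_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the triage
        if rec.get("method") not in ("PATCH", "POST"):
            continue
        if not str(rec.get("url", "")).startswith("/v1/nodes"):
            continue
        for op in rec.get("body", []):
            if op.get("path") in PXE_TEMPLATE_FIELDS and op.get("op") in ("add", "replace"):
                value = str(op.get("value", ""))
                reason = classify_template_value(value)
                if reason:
                    findings.append((rec.get("user", "?"), value, reason))
    return findings


def users_over_threshold(findings, threshold: int = 2) -> Dict[str, int]:
    """Count flagged updates per user; a burst from one account is the
    enumeration pattern the monitoring recommendations describe."""
    counts = Counter(user for user, _, _ in findings)
    return {u: n for u, n in counts.items() if n >= threshold}


def find_nondefault_pxe_templates(nodes: Iterable[dict]) -> List[Tuple[str, str]]:
    """Review node records (dictionary shape assumed) and report any whose
    driver_info carries a pxe_template that fails the containment check,
    so it can be reset to an approved template."""
    hits = []
    for node in nodes:
        value = (node.get("driver_info") or {}).get("pxe_template")
        if value is not None and classify_template_value(str(value)):
            hits.append((node.get("uuid", "?"), str(value)))
    return hits


if __name__ == "__main__":
    found = flag_pxe_template_updates(SAMPLE_API_LOG)
    for user, value, reason in found:
        print(f"{user}: {value} ({reason})")
    print("bursty accounts:", users_over_threshold(found))
```

The check is deliberately lexical (normpath plus a prefix test on the allowed root with a trailing separator) so it runs offline against log data; a sibling directory such as /etc/ironic/templates-evil is rejected because the prefix test includes the separator. In the loader on the conductor host, resolve with realpath before the same test so that a symlink planted inside the template directory cannot point outside it.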
Patch Information
The fix is included in OpenStack Ironic 35.0.2. Operators on older release series should consult their distribution security advisories for backported packages. Track upstream progress through the Launchpad Bug Report #2148319.
Workarounds
- Apply policy.yaml restrictions that prevent non-system roles from modifying the pxe_template field on nodes.
- Run the Ironic conductor under a dedicated low-privilege account with file system access limited to required template, image, and configuration directories.
- Use mandatory access control such as SELinux or AppArmor profiles to confine the conductor process to its approved file paths.
# Example policy.yaml restriction limiting pxe_template updates to system admins
"baremetal:node:update_driver_info": "role:admin and system_scope:all"
"baremetal:node:update": "role:admin and system_scope:all"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.