CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

GHSA-rmxr-45gj-889w: OpenStack Ironic Python Agent Includes Functionality from Untrusted Control Sphere

highCVSS 8CVE-2026-43003
An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition image, leading to code execution in the case of a malicious image.

Details

Source
GitHub Security Advisories (INTL · database · site)
Severity
high — CVSS 8
Published
2026-05-01
Last updated
2026-07-08
Exploitation
Not in CISA KEV at last sync

Original advisory: https://github.com/advisories/GHSA-rmxr-45gj-889w

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-43003coverage & exploitation statusNVD · CVE.org

More from GitHub Security Advisories