CVE Database · CVE-2026-43003
CVSS v3.1
8.0
EPSS
0.64%
Published
May 1, 2026
Modified
May 4, 2026
Public PoC / Exploit
All weaponized →No public PoC or exploit code indexed for this CVE.
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition image, leading to code execution in the case of a malicious image.
CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HWeaknesses (CWE)
Affected Products (1)
References (2)