Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-05-01T00:00:00 ironic-python-agent: OpenStack ironic-python-agent: Arbitrary code execution via malicious image 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CWE-78

A flaw was found in OpenStack ironic-python-agent (IPA). The Ironic Python Agent sometimes executes the grub-install command from within a chroot environment of a deployed partition image. This allows an attacker, by providing a malicious image, to achieve arbitrary code execution within the system.

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Red Hat OpenShift Container Platform 4 Affected openshift4/ose-ironic-agent-rhel8 Red Hat OpenShift Container Platform 4 Affected openshift4/ose-ironic-agent-rhel9 https://www.cve.org/CVERecord?id=CVE-2026-43003 https://nvd.nist.gov/vuln/detail/CVE-2026-43003 https://bugs.launchpad.net/ironic-python-agent/+bug/2148310 https://github.com/openstack/ironic-python-agent/blob/236b33abffe6688afc39c21e351cc3889b3db2dd/ironic_python_agent/efi_utils.py#L134-L139