Executive Summary

CVE-2026-44916 is a security vulnerability in OpenStack Ironic where the instance_info['ks_template'] parameter is rendered without proper sandboxing. This allows for Jinja2 template injection because the rendering function uses an unsandboxed jinja2.Environment. Authenticated users who can set the template URL to an HTTP location can exploit this to craft malicious templates.

This vulnerability can lead to remote code execution (RCE) on the Ironic conductor process, potentially exposing sensitive information such as BMC credentials, database connections, and node provisioning capabilities.

The issue specifically affects kickstart-based deployments (RHEL/CentOS) using the Anaconda deploy interface, which must be enabled in the configuration. The vulnerability arises from a lack of sandboxing in the template rendering process.

A fix involves replacing the unsandboxed jinja2.Environment with jinja2.sandbox.SandboxedEnvironment to prevent execution of malicious payloads without breaking existing templates.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow an authenticated attacker to execute arbitrary code remotely on the Ironic conductor process.

Successful exploitation could expose sensitive information such as BMC credentials, database connections, and node provisioning capabilities, which could lead to further compromise of the infrastructure.

Although the affected Anaconda deploy interface is not widely used in production, if permissions are loosened or the feature is enabled, the vulnerability creates a significant security risk.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves the rendering of the instance_info['ks_template'] parameter without sandboxing in OpenStack Ironic, which can be exploited via Jinja2 template injection.

To detect this vulnerability on your system, you should check if your OpenStack Ironic deployment uses the Anaconda deploy interface with kickstart-based deployments (RHEL/CentOS) and if the vulnerable code path involving utils.render_template() with an unsandboxed jinja2.Environment is present.

There are no specific commands provided in the resources to detect exploitation attempts or presence of the vulnerability.

However, general detection steps could include reviewing configuration files for the Anaconda driver enablement, auditing logs for suspicious template rendering activities, and verifying the version of OpenStack Ironic to see if it is at or below version 35.x.

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to apply the patch that replaces the use of jinja2.Environment with jinja2.sandbox.SandboxedEnvironment in the utils.render_template() function.

This change prevents malicious payloads from executing arbitrary code while maintaining compatibility with existing templates.

Additionally, if you are using the Anaconda deploy interface with kickstart-based deployments, consider disabling or restricting its use until the patch is applied.

Review and tighten permissions to limit authenticated users' ability to set template URLs to HTTP locations, reducing the attack surface.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability allows authenticated users to execute remote code on the Ironic conductor process, potentially exposing sensitive information such as BMC credentials, database connections, and node provisioning capabilities.

Exposure of such sensitive data could lead to non-compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive information and secure system operations.

Although the vulnerability currently affects a less commonly used deployment driver and requires authenticated access, it creates a defense-in-depth gap that could be exploited if permissions are loosened, increasing the risk of data breaches and regulatory violations.

Useful 0 Not Useful 0