CVE-2026-44919

Summary

In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL.

Affected Software

VendorProductVersion RangeStatus
OpenStackIronic23.0.4 < 29.0.6affected
OpenStackIronic30.0.0 < 32.0.2affected
OpenStackIronic33.0.0 < 35.0.2affected

Weaknesses

  • CWE-696: CWE-696 Incorrect Behavior Order

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References