What is CVE-2026-44916?

CVE-2026-44916 is a low-severity vulnerability in Openstack Ironic, classified under Improper Neutralization of Special Elements Used in a Template Engine. CVSS score: 3.0/10. Published 2026-05-08.

How severe is CVE-2026-44916?

Low severity. CVSS v3 base score is 3.0 out of 10.

Vulnerability in Openstack Ironic

CVE-2026-44916

In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing.

EPSS: 0.000 (1.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.0 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N.

Affected products

Openstack Ironic — versions 30.0.0, 33.0.0, 27.0.0

Weakness classification (CWE)

CWE-1336 — Improper Neutralization of Special Elements Used in a Template Engine

References

cve@mitre.org
af854a3a-2127-422b-91ae-364da2661108
cve@mitre.org

Frequently asked questions

What is CVE-2026-44916?: CVE-2026-44916 is a low-severity vulnerability in Openstack Ironic, classified under Improper Neutralization of Special Elements Used in a Template Engine. CVSS score: 3.0/10. Published 2026-05-08.
How severe is CVE-2026-44916?: Low severity. CVSS v3 base score is 3.0 out of 10.