PYSEC-2026-205
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/ironic-python-agent/PYSEC-2026-205.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2026-205
- Aliases
-
- CVE-2026-43003
- GHSA-rmxr-45gj-889w
- Published
- 2026-05-01T09:16:17.440Z
- Modified
- 2026-06-10T17:01:52.594852079Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition image, leading to code execution in the case of a malicious image.
- References
Affected packages
PyPI / ironic-python-agent
Package
- Name
- ironic-python-agent
- View open source insights on deps.dev
- Purl
- pkg:pypi/ironic-python-agent
Affected versions
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.1.0
1.2.0
1.2.1
1.2.2
1.2.3
1.3.0
1.4.0
1.5.0
1.5.1
1.5.2
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.1.0
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
3.*
3.0.0
3.1.0
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.3.0
3.3.1
3.3.2
3.3.3
3.4.0
3.5.0
3.6.0
3.6.1
3.6.2
3.6.3
3.6.4
3.6.5
3.7.0
4.*
4.0.0
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
6.*
6.0.0
6.1.0
6.1.1
6.1.2
6.1.3
6.2.0
6.3.0
6.4.0
6.4.1
6.4.2
6.4.3
6.4.4
6.5.0
6.6.0
7.*
7.0.0
7.0.1
7.0.2
7.1.0
8.*
8.0.0
8.1.0
8.2.0
8.2.1
8.2.2
8.2.3
8.3.0
8.4.0
8.5.0
8.5.1
8.5.2
8.5.3
8.6.0
9.*
9.0.0
9.1.0
9.1.1
9.2.0
9.3.0
9.4.0
9.4.1
9.4.2
9.4.3
9.5.0
9.6.0
9.7.0
9.7.1
9.7.2
9.7.3
9.8.0
9.9.0
9.10.0
9.11.0
9.11.1
9.11.2
9.11.3
9.12.0
9.13.0
9.14.0
9.14.1
10.*
10.0.0
10.1.0
10.2.0
10.2.1
10.2.2
11.*
11.0.0
11.1.0
11.2.0
11.3.0
11.4.0
11.5.0