OpenStack Ironic Infinite Loop via file:///dev/zero URL: CVE-2026-44919 May 2026

In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL.

Vulnerability Analysis

CVE-2026-44919 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. Public availability of a proof of concept (POC) exploit exists for CVE-2026-44919. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

LOW

Weakness Type

Incorrect Behavior Order

The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses.

Products Associated with CVE-2026-44919

Want to know whenever a new CVE is published for OpenStack Ironic? stack.watch will email you.

OpenStack Ironic Infinite Loop via file:///dev/zero URL
CVE-2026-44919 Published on May 14, 2026

Vulnerability Analysis

Weakness Type

Incorrect Behavior Order

Products Associated with CVE-2026-44919

Affected Versions

OpenStack Ironic Infinite Loop via file:///dev/zero URLCVE-2026-44919 Published on May 14, 2026

Vulnerability Analysis

Weakness Type

Incorrect Behavior Order

Products Associated with CVE-2026-44919

Affected Versions

OpenStack Ironic Infinite Loop via file:///dev/zero URL
CVE-2026-44919 Published on May 14, 2026