{"vulnerability": "cve-2026-46447", "sightings": [{"uuid": "15bb3041-c9ed-43b5-b9a9-08809a7e4f0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46447", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mnfmlk5tff2h", "content": "[OSSA-2026-017] Ironic: Script injection during node boot via linux command line override (CVE-2026-46447)", "creation_timestamp": "2026-06-03T17:19:58.036194Z"}, {"uuid": "ae20b9fb-08bb-4e10-9804-a9659806f065", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46447", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnggf5vdix2f", "content": "CVE-2026-46447 - OpenStack Ironic Boot Script Injection\nCVE ID : CVE-2026-46447\n \n Published : June 3, 2026, 10:16 p.m. | 2\u00a0hours, 13\u00a0minutes ago\n \n Description : OpenStack Ironic through 35.0.x allows Boot Script Injection.\n \n Severity: 0.0 | NA\n \n Visit the link for more det...", "creation_timestamp": "2026-06-04T01:01:41.071056Z"}, {"uuid": "bcb616d5-cbcd-4c83-8c8c-8e1a2f15bf14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46447", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3moecviubun2j", "content": "[OSSA-2026-017] Errata 1: Ironic: Script injection during node boot via linux command line override (CVE-2026-46447)", "creation_timestamp": "2026-06-15T22:19:06.750788Z"}, {"uuid": "1a0047d9-b6c8-4f9b-bfda-33d94278fc1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46447", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3mog6pyk4j32w", "content": "OpenStack Ironic shipped an errata for CVE-2026-46447 because the original patches broke valid URL-encoded kernel parameters. The bug let a user with node edit rights inject iPXE scripts during boot. Both rounds are needed across Ironic 17.0.0 to 35.0.1. Patched your bare-metal fleet?\n#OpenStack", "creation_timestamp": "2026-06-16T16:09:48.658558Z"}]}