{"uuid": "1a0047d9-b6c8-4f9b-bfda-33d94278fc1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46447", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3mog6pyk4j32w", "content": "OpenStack Ironic shipped an errata for CVE-2026-46447 because the original patches broke valid URL-encoded kernel parameters. The bug let a user with node edit rights inject iPXE scripts during boot. Both rounds are needed across Ironic 17.0.0 to 35.0.1. Patched your bare-metal fleet?\n#OpenStack", "creation_timestamp": "2026-06-16T16:09:48.658558Z"}