OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.

References
https://bugs.launchpad.net/ironic/+bug/2150624
https://security.openstack.org/ossa/OSSA-2026-017.html