An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition image, leading to code execution in the case of a malicious image.
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43003.json
https://bugzilla.redhat.com/show_bug.cgi?id=2464306
https://bugs.launchpad.net/ironic-python-agent/+bug/2148310