PT-2026-49105 · OpenStack · OpenStack Ironic
Published: 2026-06-14 · Updated: 2026-06-14
CVE-2026-54421
CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
OpenStack Ironic versions prior to 35.0.2
Description
When applying a PATCH request to update fields in volume properties for which a user is authorized, the system may return unredacted sensitive information, such as iSCSI credentials. This issue specifically occurs during the PATCH operation, whereas the POST operation does not result in this disclosure.
Recommendations
Update to version 35.0.2 or later.
Affected Products
OpenStack Ironic