PT-2026-57058 · Openstack · Ironic
Published
2026-07-10
·
Updated
2026-07-10
·
CVE-2026-54423
CVSS v3.1
8.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H |
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ironic