Home

Description

OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization.

PUBLISHED Reserved 2026-05-08 | Published 2026-07-10 | Updated 2026-07-10 | Assigner mitre




MEDIUM: 5.5CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

Problem types

CWE-862 Missing Authorization

Product status

Default status
unaffected

27.0.0 (semver) before 29.0.6
affected

30.0.0 (semver) before 32.0.2
affected

33.0.0 (semver) before 35.0.2
affected

36.0.0 (semver) before 37.0.1
affected

References

www.openwall.com/lists/oss-security/2026/07/08/4

bugs.launchpad.net/ironic/+bug/2150450

security.openstack.org/ossa/OSSA-2026-026.html

lists.openstack.org/...ead/PAJKDWS23MKSSNX22JEVDA7RWN3BHJYC/

www.openwall.com/lists/oss-security/2026/07/08/4

cve.org (CVE-2026-44918)

nvd.nist.gov (CVE-2026-44918)

Download JSON