Home
MEDIUM: 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:NDefault status
unaffected
27.0.0 (semver) before 29.0.6
affected
30.0.0 (semver) before 32.0.2
affected
33.0.0 (semver) before 35.0.2
affected
36.0.0 (semver) before 37.0.1
affected
Description
OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization.
Problem types
Product status
27.0.0 (semver) before 29.0.6
30.0.0 (semver) before 32.0.2
33.0.0 (semver) before 35.0.2
36.0.0 (semver) before 37.0.1
References
www.openwall.com/lists/oss-security/2026/07/08/4
bugs.launchpad.net/ironic/+bug/2150450
security.openstack.org/ossa/OSSA-2026-026.html
lists.openstack.org/...ead/PAJKDWS23MKSSNX22JEVDA7RWN3BHJYC/
www.openwall.com/lists/oss-security/2026/07/08/4