Home
HIGH: 8.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:HDefault status
unaffected
22.1.0 (semver) before 29.0.6
affected
30.0.0 (semver) before 32.0.2
affected
32.0.0 (semver) before 35.0.2
affected
36.0.0 (semver) before 37.0.1
affected
Description
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control.
Problem types
CWE-424 Improper Protection of Alternate Path
Product status
22.1.0 (semver) before 29.0.6
30.0.0 (semver) before 32.0.2
32.0.0 (semver) before 35.0.2
36.0.0 (semver) before 37.0.1
References
www.openwall.com/lists/oss-security/2026/07/08/3
bugs.launchpad.net/ironic/+bug/2150458
security.openstack.org/ossa/OSSA-2026-025.html