Home

Description

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control.

PUBLISHED Reserved 2026-06-14 | Published 2026-07-10 | Updated 2026-07-10 | Assigner mitre




HIGH: 8.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H

Problem types

CWE-424 Improper Protection of Alternate Path

Product status

Default status
unaffected

22.1.0 (semver) before 29.0.6
affected

30.0.0 (semver) before 32.0.2
affected

32.0.0 (semver) before 35.0.2
affected

36.0.0 (semver) before 37.0.1
affected

References

www.openwall.com/lists/oss-security/2026/07/08/3

bugs.launchpad.net/ironic/+bug/2150458

security.openstack.org/ossa/OSSA-2026-025.html

cve.org (CVE-2026-54423)

nvd.nist.gov (CVE-2026-54423)

Download JSON