CVE-2026-42997

🗓️ 05 May 2026 00:00:00Reported by mitreType

CVE-2026-42997: Ironic before 35.0.1 leaks Keystone tokens or mold credentials during mold import.

Reporter	Title	Published	Views	Family All 19
ATTACKERKB	CVE-2026-42997	5 May 202600:00	–	attackerkb
Circl	CVE-2026-42997	5 May 202617:59	–	circl
CNNVD	OpenStack Ironic 安全漏洞	5 May 202600:00	–	cnnvd
Cvelist	CVE-2026-42997	5 May 202600:00	–	cvelist
Debian	[SECURITY] [DSA 6341-1] ironic security update	11 Jun 202618:49	–	debian
Debian CVE	CVE-2026-42997	5 May 202600:00	–	debiancve
Tenable Nessus	Debian dsa-6341 : ironic-api - security update	11 Jun 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-42997	5 May 202600:00	–	nessus
EUVD	EUVD-2026-27428	5 May 202621:31	–	euvd
Github Security Blog	OpenStack Ironic has an Incorrect Resource Transfer Between Spheres	5 May 202621:31	–	github

NVD

Vulners

CNA

Node

openstack ironicRange17.0.0–26.1.6

openstack ironicRange27.0.0–29.0.5

openstack ironicRange30.0.0–32.0.1

openstack ironicRange33.0.0–35.0.1

[
  {
    "defaultStatus": "unaffected",
    "product": "Ironic",
    "vendor": "OpenStack",
    "versions": [
      {
        "lessThan": "26.1.6",
        "status": "affected",
        "version": "17.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "29.0.5",
        "status": "affected",
        "version": "27.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "32.0.1",
        "status": "affected",
        "version": "30.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "35.0.1",
        "status": "affected",
        "version": "33.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
openwall	www.openwall.com/lists/oss-security/2026/05/05/10
security	www.security.openstack.org/ossa/OSSA-2026-010.html
openwall	www.openwall.com/lists/oss-security/2026/05/05/10

18 Jun 2026 17:12Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.17.7

EPSS0.00394

SSVC

CWE-669