Lucene search: OpenstackIronic

9 matches found

added 2017/06/07 2:0 p.m., 45 views

CVE-2015-7514

CVE-2015-7514 affects OpenStack Ironic 4.2.0–4.2.1. The root cause is that the disk is not properly cleaned after use, allowing remote authenticated users to obtain sensitive information. The incident is limited to the described OpenStack Ironic versions; no remediation details are provided in th...

CVSS 6.5 | AI score 6.1 | EPSS 0.01577

added 2026/06/04 11:59 p.m., 26 views

CVE-2026-50589

In the provided documents, CVE-2026-50589 affects OpenStack Ironic 32 prior to 37.0.0. The underlying issue is that an unauthenticated malicious user can submit a crafted JSON string to certain API/JSON-RPC endpoints, leading to a service crash. The reports consistently reference the same conditi...

CVSS 7.5 | AI score 5.5 | EPSS 0.00351

added 2026/06/03 12:0 a.m., 20 views

CVE-2026-46447

OpenStack Ironic

CVSS 7.7 | AI score 5.8 | EPSS 0.00262

added 2026/06/04 12:0 a.m., 18 views

CVE-2026-48681

OpenStack Ironic versions before 35.0.2 are affected by a vulnerability that allows file overwrite via directory traversal during deployment when processing a crafted ISO image. The issue concerns the deployment phase’s handling of ISO content, enabling unintended filesystem writes. Public source...

CVSS 8.1 | AI score 5.8 | EPSS 0.00601

added 2026/06/04 12:0 a.m., 16 views

CVE-2026-44917

OpenStack Ironic (prior to 35.0.2) is vulnerable to an information-disclosure issue where a malicious authenticated project admin or manager can read local files on the Ironic conductor via a pxe_template. This CVE is documented across multiple sources (OpenStack Ironic, Debian tracker, CVE lists...

CVSS 4.9 | AI score 5.8 | EPSS 0.00283

added 2026/05/08 6:38 a.m., 15 views

CVE-2026-44916

CVE-2026-44916 affects OpenStack Ironic up to version 35.x, where rendering of instance_info['ks_template'] occurs without sandboxing. The root cause is the lack of sandboxing during template rendering, which can expose sensitive information or enable unintended behavior within the template execu...

CVSS 3 | AI score 5.8 | EPSS 0.00336

added 2026/05/14 12:0 a.m., 14 views

CVE-2026-44919

OpenStack Ironic (through 35.x before a3f6d73) is affected. During image handling, an infinite loop can occur in checksum calculations when processing file:///dev/zero, potentially impacting availability (CVSS 3.1 base score 4.3). The root cause is in the image handling/checksum path; no exploita...

CVSS 6.5 | AI score 5.8 | EPSS 0.00466

added 2026/05/05 12:0 a.m., 13 views

CVE-2026-42997

CVE-2026-42997 affects iDRAC in OpenStack Ironic (pre-35.0.1). During import, a user invoking molds can trigger authorization to a remote endpoint, forwarding a credential: either a time-limited Keystone token (granting access to all services Ironic is authorized for) or basic credentials for mol...

CVSS 7.7 | AI score 5.8 | EPSS 0.00394

added 2026/04/28 4:53 a.m., 8 views

CVE-2026-42510

CVE-2026-42510 affects OpenStack Ironic in configurations that are non-default but expose a console interface. OpenStack Ironic prior to 35.0.1 permits ipmitool execution under such configurations, per provided descriptions. The root cause, as stated, is the ability to run ipmitool when a console...

CVSS 7.2 | AI score 5.5 | EPSS 0.0057