Vulnerability Details CVE-2026-50589
In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 24.0%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2026-50589
-
cpe:2.3:a:openstack:ironic:32.0.0
-
cpe:2.3:a:openstack:ironic:32.0.1
-
cpe:2.3:a:openstack:ironic:32.0.2
-
cpe:2.3:a:openstack:ironic:33.0.0
-
cpe:2.3:a:openstack:ironic:34.0.0
-
cpe:2.3:a:openstack:ironic:35.0.0
-
cpe:2.3:a:openstack:ironic:35.0.1
-
cpe:2.3:a:openstack:ironic:35.0.2
-
cpe:2.3:a:openstack:ironic:36.0.0