Openstack: >> Ironic Security Vulnerabilities
In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash.
CVSS Score
5.3
EPSS Score
0.003
Published
2026-06-05
OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image.
CVSS Score
5.9
EPSS Score
0.006
Published
2026-06-04
OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_template.
CVSS Score
4.9
EPSS Score
0.003
Published
2026-06-04
OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.
CVSS Score
5.8
EPSS Score
0.003
Published
2026-06-03
In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL.
CVSS Score
4.3
EPSS Score
0.005
Published
2026-05-14
In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing.
CVSS Score
3.0
EPSS Score
0.003
Published
2026-05-08
An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token (which provides access to all OpenStack services Ironic is authorized for); or basic credentials configured for molds storage. The fixed versions are 26.1.6, 29.0.5, 32.0.1, and 35.0.1.
CVSS Score
7.7
EPSS Score
0.004
Published
2026-05-05
OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface.
CVSS Score
6.6
EPSS Score
0.006
Published
2026-04-28
OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information.
CVSS Score
6.5
EPSS Score
0.016
Published
2017-06-07