本ページは openstack ironic に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-54423 | In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control. | [email protected] | 8.2 | 0.52% | 2026-07-10 | 2026-07-10 |
| CVE-2026-44918 | OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization. | [email protected] | 5.5 | 0.43% | 2026-07-10 | 2026-07-10 |
| CVE-2026-54421 | In OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information (such as iSCSI credentials). The PATCH outcome is a security issue; the POST outcome is not a security issue. | [email protected] | 6.8 | 0.27% | 2026-06-14 | 2026-06-17 |
| CVE-2026-50589 | In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash. | [email protected] | 5.3 | 0.35% | 2026-06-04 | 2026-07-14 |
| CVE-2026-48681 | OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image. | [email protected] | 5.9 | 0.62% | 2026-06-04 | 2026-06-17 |
| CVE-2026-44917 | OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_template. | [email protected] | 4.9 | 0.29% | 2026-06-04 | 2026-06-17 |
| CVE-2026-46447 | OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info. | [email protected] | 5.8 | 0.26% | 2026-06-03 | 2026-06-17 |
| CVE-2026-44919 | In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL. | [email protected] | 4.3 | 0.47% | 2026-05-13 | 2026-06-17 |
| CVE-2026-44916 | In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing. | [email protected] | 3.0 | 0.33% | 2026-05-08 | 2026-06-18 |
| CVE-2026-42997 | An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token (which provides access to all OpenStack services Ironic is authorized for); or basic credentials configured for molds storage. The fixed versions are 26.1.6, 29.0.5, 32.0.1, and 35.0.1. | [email protected] | 7.7 | 0.37% | 2026-05-05 | 2026-07-15 |
| CVE-2026-42510 | OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface. | [email protected] | 6.6 | 0.57% | 2026-04-28 | 2026-06-17 |
| CVE-2025-44021 | OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). A malicious project assigned as a node owner can provide a path to any local file (readable by ironic-conductor), which may then be written to the target node disk. This is difficult to exploit in practice, because a node deployed in this manner should never reach the ACTIVE state, but it still represents a danger in environments running with non-defa | [email protected] | 2.8 | 0.15% | 2025-05-08 | 2026-06-17 |
| CVE-2015-7514 | OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information. | [email protected] | 6.5 | 1.58% | 2017-06-07 | 2026-06-16 |