CVE-2026-54423
EUVD-2026-4278110.07.2026, 04:17
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control.Enginsight
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| openstack | ironic | 22.1.0 ≤ 𝑥 < 29.0.6 | CNA |
| openstack | ironic | 30.0.0 ≤ 𝑥 < 32.0.2 | CNA |
| openstack | ironic | 32.0.0 ≤ 𝑥 < 35.0.2 | CNA |
| openstack | ironic | 36.0.0 ≤ 𝑥 < 37.0.1 | CNA |
Debian Releases
Ubuntu Releases
Common Weakness Enumeration