CVE-2026-42510 PUBLISHED

Assigner: mitre
Reserved: 28.04.2026 Published: 28.04.2026 Updated: 28.04.2026

OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 6.6

Product Status

Vendor OpenStack
Product Ironic
Versions Default: unaffected
  • affected from 4.3.0 to 26.1.6 (incl.)
  • affected from 27.0.0 to 29.0.5 (incl.)
  • affected from 30.0.0 to 32.0.1 (incl.)
  • affected from 33.0.0 to 35.0.1 (incl.)

References

Problem Types

  • CWE-829 Inclusion of Functionality from Untrusted Control Sphere CWE