CVE-2026-42510

MEDIUM

OpenStack Ironic <=25.0.0 - Command Injection

Title source: llm
STIX 2.1

Description

OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface.

References (2)

Scores

CVSS v3 6.6
EPSS 0.0006
EPSS Percentile 19.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-829
Status published
Products (5)
OpenStack/Ironic < 25.0.0
OpenStack/Ironic 27.0.0 - 29.0.5
OpenStack/Ironic 30.0.0 - 32.0.1
OpenStack/Ironic 33.0.0 - 35.0.1
OpenStack/Ironic 4.3.0 - 26.1.6
Published Apr 28, 2026
Tracked Since Apr 28, 2026