CVE-2026-42510

Summary

OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface.

Affected Software

VendorProductVersion RangeStatus
OpenStackIronic4.3.0 <= 26.1.6affected
OpenStackIronic27.0.0 <= 29.0.5affected
OpenStackIronic30.0.0 <= 32.0.1affected
OpenStackIronic33.0.0 <= 35.0.1affected

Weaknesses

  • CWE-829: CWE-829 Inclusion of Functionality from Untrusted Control Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References