CVE-2026-7254
Analyzed Analyzed - Analysis Complete
Denial of Service in IBM OpenBMC Firmware

Publication date: 2026-05-27

Last updated on: 2026-06-02

Assigner: IBM Corporation

Description
IBM OPENBMC FW1110.00 through FW1110.11Β is vulnerable to denial of service attacks by unauthenticated network users.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-06-02
Generated
2026-06-16
AI Q&A
2026-05-28
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7254
EUVD
EUVD-2026-32493
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ibm openbmc From 1110.00 (inc) to 1110.11 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1284 The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how the CVE-2026-7254 vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-7254 is a vulnerability in the OpenBMC HTTPS service used by certain IBM Power System models. It allows unauthenticated network users to perform denial of service (DoS) attacks by exploiting improper validation of input quantities (classified under CWE-1284). This means attackers can disrupt the normal operation of the affected systems without needing any authentication.

Impact Analysis

This vulnerability can impact you by allowing attackers to cause denial of service on affected IBM Power System models running vulnerable OpenBMC firmware versions. The DoS attack can disrupt system availability, potentially causing downtime or interruptions in service. Since the attack requires no authentication, it can be launched remotely by anyone with network access to the BMC interface.

Mitigation Strategies

To mitigate the CVE-2026-7254 vulnerability, IBM recommends updating the OpenBMC firmware to version FW1110.20(1110_130) or newer.

Additionally, it is advised to restrict access to the BMC's network interface to protect against potential denial of service attacks by unauthenticated network users.

Customers can also subscribe to IBM's notification service to stay informed about future security bulletins and remediation updates.

Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7254. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart