CVE-2026-50031
Awaiting Analysis Awaiting Analysis - Queue
Buffer Overflow in FreeIPMI ipmi-oem

Publication date: 2026-06-03

Last updated on: 2026-06-03

Assigner: MITRE

Description
ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system management. It is most commonly used for sensor reading (e.g., CPU temperatures through the ipmi-sensors command within FreeIPMI) and remote power control (the ipmipower command). The ipmi-oem client command implements a set of a IPMI OEM commands for specific hardware vendors. If a user has supported hardware, they may wish to use the ipmi-oem command to send a request to a server to retrieve specific information. Two subcommands "ipmi-oem dell get-active-directory-config" and "ipmi-oem fujitsu get-sel-entry-long-text" were found to have exploitable buffer overflows on response messages.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-03
Last Modified
2026-06-03
Generated
2026-06-24
AI Q&A
2026-06-03
EPSS Evaluated
2026-06-22
NVD
CVE-2026-50031
EUVD
EUVD-2026-34065
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
gnu freeipmi to 1.16.18 (exc)
gnu freeipmi 1.6.18
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-50031 is a stack buffer overflow vulnerability in the ipmi-oem client commands of GNU FreeIPMI before version 1.6.18. It affects two specific subcommands: "ipmi-oem dell get-active-directory-config" and "ipmi-oem fujitsu get-sel-entry-long-text."

The vulnerability occurs because these commands allocate fixed-size buffers on the stack but use attacker-controlled data lengths when copying response messages. This allows a malicious or compromised Baseboard Management Controller (BMC) to overflow these buffers by sending oversized response data.

Such buffer overflows can cause process crashes or potentially allow an attacker to hijack control flow and execute arbitrary code, depending on compiler options, stack layout, and runtime protections.

Impact Analysis

This vulnerability can impact you by causing the ipmi-oem process to crash, leading to denial of service in system management operations.

More seriously, it could allow an attacker who can send malicious responses from a compromised or malicious BMC to execute arbitrary code on the system running FreeIPMI, potentially gaining control over system management functions.

Since FreeIPMI is commonly used for sensor monitoring and remote power control, exploitation could disrupt critical hardware management tasks or allow unauthorized control over hardware.

Detection Guidance

This vulnerability affects the ipmi-oem commands in FreeIPMI, specifically the subcommands "ipmi-oem dell get-active-directory-config" and "ipmi-oem fujitsu get-sel-entry-long-text." Detection can involve monitoring or testing these specific commands for abnormal behavior or crashes caused by buffer overflows.

You can use the following commands to check if your system is vulnerable by running the affected ipmi-oem subcommands and observing for crashes or unexpected behavior:

  • ipmi-oem dell get-active-directory-config
  • ipmi-oem fujitsu get-sel-entry-long-text

If these commands cause crashes or abnormal responses, it may indicate the presence of the vulnerability or an exploit attempt.

Mitigation Strategies

The primary mitigation step is to update FreeIPMI to version 1.6.18 or later, where the buffer overflow vulnerabilities in the ipmi-oem commands have been fixed.

Until the update can be applied, avoid using the vulnerable ipmi-oem subcommands "ipmi-oem dell get-active-directory-config" and "ipmi-oem fujitsu get-sel-entry-long-text" to prevent triggering the buffer overflow.

Additionally, monitor your systems for unusual crashes or behavior related to the ipmi-oem commands, and restrict access to IPMI interfaces to trusted users and networks to reduce the risk of exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-50031. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart