Executive Summary

CVE-2026-50589 is a Denial of Service (DoS) vulnerability in OpenStack Ironic versions 32 through 35.0.1. It allows an unauthenticated attacker to send a specially crafted JSON payload to certain API or JSON-RPC endpoints, such as the /v1/continue_inspection endpoint, causing the Ironic service to crash with a segmentation fault (SIGSEGV).

The root cause is a lack of content-length validation during JSON parsing combined with Ironic's default stack size being smaller than Python's recursion limit. This mismatch leads to stack overflows when processing deeply nested JSON, resulting in a crash. The crash leaves minimal forensic evidence, making it hard to trace the attacker.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can cause the OpenStack Ironic service to crash unexpectedly, resulting in a Denial of Service (DoS). An attacker does not need to be authenticated to exploit this issue, which means service availability can be disrupted by maliciously crafted JSON requests.

Because the crash leaves minimal forensic traces, it can be difficult to detect or attribute the attack, potentially allowing attackers to repeatedly disrupt service without easy identification.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability causes the OpenStack Ironic service to crash with a segmentation fault (SIGSEGV) when it receives a maliciously crafted JSON payload at certain endpoints, such as `/v1/continue_inspection`.

Detection is difficult because the crash leaves minimal forensic traces. However, reverse proxy logs (e.g., from Apache or nginx) may provide clues by showing unusual or malformed JSON requests targeting Ironic's JSON parsing endpoints.

There are no specific commands provided to detect the vulnerability directly, but monitoring for service crashes and analyzing reverse proxy logs for suspicious JSON payloads sent to Ironic API endpoints can help identify potential exploitation attempts.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include implementing early request validation to check the JSON payload's depth and length before full parsing to prevent stack overflows.

Adjusting the stack size configuration of the Ironic service to better handle recursion limits can reduce the risk of crashes.

Upgrading to Python 3.14 is recommended, as it includes improved stack overflow detection that can help mitigate this issue.

Additionally, applying defense-in-depth measures such as middleware-based request sanitization and enforcing strict request body size limits at reverse proxies (Apache, nginx) can help prevent exploitation.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability in OpenStack Ironic allows unauthenticated attackers to cause a denial of service by crashing the service through crafted JSON payloads. This results in service unavailability but does not involve unauthorized access to or modification of data.

Since the vulnerability does not lead to data breaches, data integrity loss, or unauthorized data disclosure, it does not directly impact compliance with data protection regulations such as GDPR or HIPAA, which primarily focus on protecting personal and sensitive data.

However, the denial of service could indirectly affect compliance by disrupting availability requirements mandated by some standards, as service downtime might impact business continuity and availability commitments.

Organizations should consider implementing mitigations and defense-in-depth measures to maintain service availability and thus support compliance with availability-related requirements.

Useful 0 Not Useful 0