CVE-2026-54423
Received
Received - Intake
IPMI Arbitrary Command Execution in OpenStack Ironic
Vulnerability report for CVE-2026-54423, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-10
Last updated on: 2026-07-10
Assigner: MITRE
Description
Description
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openstack | ironic | From 22.1.0 (inc) to 29.0.6 (exc) |
| openstack | ironic | From 30.0.0 (inc) to 32.0.2 (exc) |
| openstack | ironic | From 33.0.0 (inc) to 35.0.2 (exc) |
| openstack | ironic | From 36.0.0 (inc) to 37.0.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-424 | The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources. |