OpenStack Ironic <=25.0.0 IPMI Tool Execution via Console Interface
CVE-2026-42510 Published on April 28, 2026
OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface.
Vulnerability Analysis
CVE-2026-42510 is exploitable with network access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
HIGH
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH
Weakness Type
Inclusion of Functionality from Untrusted Control Sphere
The software imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
Products Associated with CVE-2026-42510
Want to know whenever a new CVE is published for OpenStack Ironic? stack.watch will email you.
Affected Versions
OpenStack Ironic:- Version 4.3.0, <= 26.1.6 is affected.
- Version 27.0.0, <= 29.0.5 is affected.
- Version 30.0.0, <= 32.0.1 is affected.
- Version 33.0.0, <= 35.0.1 is affected.