Command Injection Vulnerability in OpenStack Ironic Console Interface
CVE-2026-42510

6.6 MEDIUM

Key Information:

Vendor: OpenStack

Status
Vendor
CVE Published: 28 April 2026

What is CVE-2026-42510?

OpenStack Ironic prior to version 35.0.1 contains a command injection vulnerability involving the execution of ipmitool in configurations with a console interface active. This flaw could lead to unauthorized command execution and potentially compromise system integrity. Users should upgrade to the latest version to mitigate the risks associated with this vulnerability.

Affected Version(s)

Ironic 4.3.0 <= 26.1.6

Ironic 27.0.0 <= 29.0.5

Ironic 30.0.0 <= 32.0.1

CVSS V3.1

Score: 6.6
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
