Authorization Bypass Vulnerability in OpenStack Ironic
CVE-2026-44918
5.5MEDIUM
What is CVE-2026-44918?
The OpenStack Ironic service, prior to version 37.0.1, is vulnerable to an authorization bypass issue that permits unauthorized users to create or modify nodes across different projects. This flaw compromises expected security protocols, allowing potential malicious actors unrestricted access to project-specific resources, thereby raising significant security concerns for organizations utilizing the OpenStack Ironic platform. To mitigate this vulnerability, it is essential to upgrade to the latest version, ensuring that proper authorization checks are enforced for node operations.
Affected Version(s)
Ironic 27.0.0 < 29.0.6
Ironic 30.0.0 < 32.0.2
Ironic 33.0.0 < 35.0.2
