Buffer Overflow Vulnerability in FreeIPMI's IPMI OEM Client Command
CVE-2026-50031

7.5HIGH

Key Information:

Vendor: Freeipmi
Status: Freeipmi
Vendor: CVE Published:; 3 June 2026

What is CVE-2026-50031?

The FreeIPMI tool, specifically the ipmi-oem client command, contains exploitable buffer overflows affecting response messages for certain OEM commands. This vulnerability can impact users operating supported hardware who execute commands such as 'ipmi-oem dell get-active-directory-config' and 'ipmi-oem fujitsu get-sel-entry-long-text'. These commands are designed to retrieve crucial system management data, and the buffer overflow can potentially allow an attacker to manipulate the execution flow of the application, leading to unauthorized actions or data breaches.

Affected Version(s)

FreeIPMI 0.7.12 < 1.6.18

References

https://savannah.gnu.org/bugs/index.php?68363

https://savannah.gnu.org/bugs/index.php?68364

https://lists.gnu.org/archive/html/info-gnu/2026-06/msg00...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 3, 2026
Vulnerability Reserved
Jun 3, 2026

CVE-2026-50031 Data

JSON

Freeipmi

What is CVE-2026-50031?

Affected Version(s)

References

CVSS V3.1

Timeline