Sensitive Data Exposure in OpenStack Ironic by OpenStack Foundation
CVE-2026-54421

6.8MEDIUM

Key Information:

Vendor: Openstack
Status: Ironic
Vendor: CVE Published:; 14 June 2026

What is CVE-2026-54421?

In OpenStack Ironic versions up to 35.0.1, a security flaw allows unauthorized return of sensitive information such as iSCSI credentials when applying updates to volume properties. This vulnerability can lead to exposure of sensitive data, impacting system security and confidentiality.

Affected Version(s)

Ironic 17.0.0 < 29.0.6

Ironic 30.0.0 < 32.0.2

Ironic 33.0.0 < 35.0.2

References

https://bugs.launchpad.net/ironic/+bug/2155049

https://security.openstack.org/ossa/OSSA-2026-023.html

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 14, 2026
Vulnerability Reserved
Jun 14, 2026

CVE-2026-54421 Data

JSON

Openstack

What is CVE-2026-54421?

Affected Version(s)

References

CVSS V3.1

Timeline