IPMI Management Interface Vulnerability in OpenStack Ironic by OpenStack
CVE-2026-54423
8.2HIGH
What is CVE-2026-54423?
In OpenStack Ironic, prior to version 37.0.1, a vulnerability exists where an Ironic user with permissions to deploy nodes using the IPMI management interface can exploit the send_raw command. This exploitation enables the user to inject arbitrary IPMI commands directly to a node, effectively bypassing the built-in access controls of Ironic. This can lead to unauthorized actions on the deployed hardware, posing significant security risks to the affected environments.
Affected Version(s)
Ironic 22.1.0 < 29.0.6
Ironic 30.0.0 < 32.0.2
Ironic 32.0.0 < 35.0.2
