CVE-2026-42510 - Vulnerability Details

- OpenStack Ironic: ipmitool: OpenStack Ironic: Arbitrary Code Execution via Remote Hardware Management

Description

OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface.

Published: 2026-04-28

Score: 6.6 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

OpenStack Ironic versions prior to 35.0.1 allow an attacker who can access a non‑default console interface to invoke ipmitool and execute arbitrary commands on the target node. This flaw is classified as CWE‑78 (OS Command Injection) and CWE‑829 (Excessive Privilege) because the component fails to restrict the resources it exposes. If exploited, an attacker could control the node’s underlying hardware or operating system, potentially leading to full system compromise.

Affected Systems

The vulnerability affects OpenStack Ironic deployments using any version older than 35.0.1. No other vendors or products are listed as affected.

Risk and Exploitability

The CVSS score of 6.6 indicates medium severity. The EPSS score of <1% implies a low probability of exploitation, and the flaw is not listed in CISA’s KEV catalog, suggesting no confirmed large‑scale exploitation yet. The likely attack vector is an authenticated or collaborative administrator who interacts with the console interface that is not configured to default settings. Successful exploitation would require the attacker to supply an ipmitool command through that interface, resulting in remote command execution on the node machine.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

OpenStack

Ironic

unaffected

Version	Status	Constraints
`4.3.0`	affected	≤ 26.1.6
`27.0.0`	affected	≤ 29.0.5
`30.0.0`	affected	≤ 32.0.1
`33.0.0`	affected	≤ 35.0.1

No data.

Vendor Product Confidence Versions

Openstack

Ironic

95%

Version	Status	Scheme	Platform
`[4.3.0,26.1.6]`	affected	semver	—
`[27.0.0,29.0.5]`	affected	semver	—
`[30.0.0,32.0.1]`	affected	semver	—
`[33.0.0,35.0.1]`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade OpenStack Ironic to version 35.0.1 or later
Disable or remove any non‑default console interfaces that expose ipmitool functionality
Apply network or firewall rules to limit access to the console interface only to trusted administrators

Generated by OpenCVE AI on April 29, 2026 at 17:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-wqpv-c3pp-3m58	OpenStack Ironic is Vulnerable to Inclusion of Functionality from Untrusted Control Sphere

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00084.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
http://www.openwall.com/lists/oss-security/2026/04/30/1
https://bugs.launchpad.net/ironic/+bug/2148331
https://nvd.nist.gov/vuln/detail/CVE-2026-42510
https://security.openstack.org/ossa/OSSA-2026-008.html
https://www.cve.org/CVERecord?id=CVE-2026-42510

History

Wed, 20 May 2026 16:45:00 +0000

Type	Values Removed	Values Added
References		https://security.openstack.org/ossa/OSSA-2026-008.html

Thu, 30 Apr 2026 04:30:00 +0000

Type	Values Removed	Values Added
References		http://www.openwall.com/lists/oss-security/2026/04/30/1

Wed, 29 Apr 2026 12:15:00 +0000

Type	Values Removed	Values Added
Title	Non‑Default ipmitool Execution in OpenStack Ironic Console Interface	OpenStack Ironic: ipmitool: OpenStack Ironic: Arbitrary Code Execution via Remote Hardware Management
Weaknesses		CWE-78
References		https://nvd.nist.gov/vuln/detail/CVE-2026-42510 https://www.cve.org/CVERecord?id=CVE-2026-42510
Metrics	threat_severity `None`	threat_severity `Moderate`

Tue, 28 Apr 2026 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 28 Apr 2026 12:45:00 +0000

Type	Values Removed	Values Added
Title		Non‑Default ipmitool Execution in OpenStack Ironic Console Interface

Tue, 28 Apr 2026 06:30:00 +0000

Type	Values Removed	Values Added
Description	OpenStack Ironic through 25.0.0 allows ipmitool execution in a non-default configuration that has a console interface.	OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface.

Tue, 28 Apr 2026 05:30:00 +0000

Type	Values Removed	Values Added
Description		OpenStack Ironic through 25.0.0 allows ipmitool execution in a non-default configuration that has a console interface.
First Time appeared		Openstack Openstack ironic
Weaknesses		CWE-829
CPEs		cpe:2.3:a:openstack:ironic::::::::
Vendors & Products		Openstack Openstack ironic
References		https://bugs.launchpad.net/ironic/+bug/2148331
Metrics		cvssV3_1 `{'score': 6.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

Subscriptions

Openstack Ironic

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-04-28T04:53:10.789Z

Updated: 2026-05-20T15:33:10.131Z

Reserved: 2026-04-28T04:53:10.221Z

Link: CVE-2026-42510

Vulnrichment

Updated: 2026-04-30T03:05:07.152Z

NVD

Status : Awaiting Analysis

Published: 2026-04-28T06:16:04.100

Modified: 2026-05-20T17:16:22.640

Link: CVE-2026-42510

Redhat

Severity : Moderate

Publid Date: 2026-04-28T04:53:10Z

Links: CVE-2026-42510 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-29T17:15:16Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object