CVE-2026-50589

Published Jun 5, 2026

Last updated 9 days ago

CVSS medium 5.3

Overview

Description
In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash.
Source
cve@mitre.org
NVD status
Analyzed
Products
ironic

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
HIGH

Weaknesses

cve@mitre.org
CWE-770

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image.CVE-2026-48681
  2. OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_template.CVE-2026-44917
  3. OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.CVE-2026-46447
  4. In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL.CVE-2026-44919
  5. In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing.CVE-2026-44916

References

Sources include official advisories and independent security research.