CVE-2026-42997

216.73.217.22

· Published 05/05/2026 19:16 · Modified 05/05/2026 20:16

Labels: CVE-2026-42997 2026-05-05 CVE-2026-42997 CWE-669 [email protected]

Essential information

Published: 05/05/2026 19:16
Modified: 05/05/2026 20:16
Author: —
Creator: —
CVSS: 7.7 HIGH (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVSS metrics

Description

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token (which provides access to all OpenStack services Ironic is authorized for); or basic credentials configured for molds storage. The fixed versions are 26.1.6, 29.0.5, 32.0.1, and 35.0.1.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
openstack / ironic	`cpe:2.3:a:openstack:ironic:<26.1.6-35.0.0>:::::::*`
openstack / ironic	`cpe:2.3:a:openstack:ironic:26.1.6:::::::*`
openstack / ironic	`cpe:2.3:a:openstack:ironic:29.0.5:::::::*`
openstack / ironic	`cpe:2.3:a:openstack:ironic:32.0.1:::::::*`
openstack / ironic	`cpe:2.3:a:openstack:ironic:35.0.1:::::::*`