Every CVE whose affected-product data names Openstack Ironic, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2026-42997 — CVSS 7.7 (high): An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be…
CVE-2026-42510 — CVSS 6.6 (medium): OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface.
CVE-2015-7514 — CVSS 6.5 (medium): OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive…
CVE-2026-48681 — CVSS 5.9 (medium): OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image.
CVE-2026-46447 — CVSS 5.8 (medium): OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or…
CVE-2026-50589 — CVSS 5.3 (medium): In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or…
CVE-2026-44917 — CVSS 4.9 (medium): OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a…
CVE-2026-44919 — CVSS 4.3 (medium): In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the…
CVE-2026-44916 — CVSS 3.0 (low): In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing.