CVE Catalog

CVE-2026-50589

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.43%

35th percentile - higher than 35% of all known CVEs

Summary

In OpenStack Ironic versions 32 through 36.x before 37.0.0, an unauthenticated attacker can submit a crafted JSON string to certain API or JSON-RPC endpoints, causing a service crash.

Risk Assessment

The risk is a potential Denial of Service (DoS) attack on the Ironic service, which can disrupt bare metal management in an OpenStack cloud.

Recommendation

It is recommended to immediately upgrade OpenStack Ironic to version 37.0.0 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS