{"id":"CVE-2026-42510","details":"OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface.","aliases":["GHSA-wqpv-c3pp-3m58"],"modified":"2026-07-08T08:13:25.417370416Z","published":"2026-04-28T04:53:10.789Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"introduced":"4.3.0"},{"last_affected":"26.1.6"},{"introduced":"27.0.0"},{"last_affected":"29.0.5"},{"introduced":"30.0.0"},{"last_affected":"32.0.1"},{"introduced":"33.0.0"},{"last_affected":"35.0.1"}],"source":"AFFECTED_FIELD"},{"extracted_events":[{"introduced":"4.3.0"},{"last_affected":"26.1.6"},{"introduced":"27.0.0"},{"last_affected":"29.0.5"},{"introduced":"30.0.0"},{"last_affected":"32.0.1"},{"introduced":"33.0.0"},{"last_affected":"35.0.1"}],"source":"CPE_FIELD"},{"extracted_events":[{"fixed":"35.0.1"}],"source":"DESCRIPTION"}],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/42xxx/CVE-2026-42510.json","cwe_ids":["CWE-829"],"cna_assigner":"mitre"},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2026/04/30/1"},{"type":"WEB","url":"https://bugs.launchpad.net/ironic/+bug/2148331"},{"type":"WEB","url":"https://security.openstack.org/ossa/OSSA-2026-008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/42xxx/CVE-2026-42510.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42510"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openstack/ironic","events":[{"introduced":"4266e8638db5cd3c05a3723451adf250166cf497"},{"fixed":"27f58a0b29a4dabd42fbca1f8ccbe03094596643"},{"introduced":"62bf4d76d32c2b7ae02767aefe6d032e1ed4d0e9"},{"fixed":"be28b32b4307f82a7e93e36ab7864b0a438a9d03"},{"introduced":"f2a3ec5d5ef444bf5f6f7df0f1362d00bd8cda69"},{"fixed":"8b663209ff46ba2fbd05797ba7105b4f00e6dac4"}],"database_specific":{"source":"CPE_RANGE","extracted_events":[{"introduced":"27.0.0"},{"fixed":"29.0.5"},{"introduced":"30.0.0"},{"fixed":"32.0.1"},{"introduced":"33.0.0"},{"fixed":"35.0.1"}],"cpe":"cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*"}}],"versions":["35.0.0","34.0.0","33.0.0","29.0.4","32.0.0","31.0.0","29.0.3","30.0.0","29.0.2","29.0.1","29.0.0","28.0.0","27.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-42510.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}