{"id":"CVE-2026-50589","details":"In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash.","aliases":["PYSEC-2026-216"],"modified":"2026-07-10T03:54:09.885313580Z","published":"2026-06-04T23:59:20.118Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/50xxx/CVE-2026-50589.json","cwe_ids":["CWE-770"],"cna_assigner":"mitre"},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2026/06/06/2"},{"type":"WEB","url":"https://bugs.launchpad.net/ironic/+bug/2154288"},{"type":"WEB","url":"https://opendev.org/openstack/ironic"},{"type":"WEB","url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-50589.json"},{"type":"WEB","url":"https://wiki.openstack.org/wiki/OSSN/OSSN-0099"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2026-50589"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/50xxx/CVE-2026-50589.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-50589"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485353"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openstack/ironic","events":[{"introduced":"e6837c8c3308cb9688888ef54fdb7c29959412e9"},{"fixed":"31a6daca48fee0c75e84562ed7bd46d03a3006e4"}],"database_specific":{"extracted_events":[{"introduced":"32.0.0"},{"fixed":"37.0.0"}],"cpe":"cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*","source":"CPE_RANGE"}},{"type":"GIT","repo":"https://opendev.org/openstack/ironic","events":[{"introduced":"0"},{"fixed":"31a6daca48fee0c75e84562ed7bd46d03a3006e4"}],"database_specific":{"extracted_events":[{"introduced":"32"},{"fixed":"37.0.0"}],"source":"DESCRIPTION"}}],"versions":["36.0.0","35.0.0","34.0.0","33.0.0","32.0.0","31.0.0","30.0.0","29.0.0","28.0.0","27.0.0","26.1.0","26.0.0","25.0.0","24.1.0","24.0.0","23.1.0","23.0.0","22.1.0","bugfix-22.0-eol","22.0.0","21.4.0","21.2.0","21.3.0","21.1.0","21.0.0","20.2.0","20.1.0","20.0.0","19.0.0","18.2.0","18.1.0","18.0.0","17.0.0","16.2.0","16.1.0","16.0.0","15.2.0","15.1.0","15.0.0","14.0.0","13.0.0","12.2.0","12.1.0","12.0.0","11.1.0","11.0.0","10.1.0","10.0.0","9.2.0","9.0.0","8.0.0","7.0.0","6.2.0","6.1.0","6.0.0","5.1.0","5.0.0","4.3.0","4.2.0","4.1.0","4.0.0","2015.1.0rc1","2015.1.0b3","2015.1.0b2","2015.1.0b1","2014.2.rc1","2014.2.b3","2014.2.b2","2014.2.b1","2014.1.rc1","2014.1.b3","2014.1.b2","2014.1.b1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-50589.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}]}