ironic
PyPI: 5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting ironic
- CVE-2016-4985 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 5.1.2 | 2016-07-12
The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card be…
- CVE-2024-47211 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-10-04
vulnerable: 0.0 ... 9.1.7 (71 versions)
In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied image_source URLs when configured to convert images to a raw f…
- CVE-2025-44021 | LOW | CVSS 2.8 | EG 2.8 | ✓ Fixed in 29.0.1 | 2025-05-08
vulnerable: 0.0 ... 26.1.2 (95 versions)
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). A malicious project assigned as a node owner can provide a path to any local file (readable …
- CVE-2026-42510 | MEDIUM | CVSS 6.6 | EG 6.6 | 2026-04-28
vulnerable: 0.0 ... 9.1.7 (89 versions)
OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface.
- CVE-2026-44919 | MEDIUM | CVSS 4.3 | EG 4.3 | 2026-05-14
vulnerable: 0.0 ... 9.1.7 (114 versions)
In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL.