CVE-2026-50589NVD

Vulnerability Summary

In OpenStack Ironic 32 through 35.0.1, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash.

Severity Level

MEDIUM(5.3)

Published Date

Jun 5, 2026

Last Modified

Jun 5, 2026

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-770: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityNone

IntegrityNone

AvailabilityLow

External References

https://bugs.launchpad.net/ironic/+bug/2154288