
OpenStack Ironic: EUVD-2026-34774

CVE-2026-50589 HIGH
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-06-04 mitre GHSA-q3g8-rjrx-59ph
7.5
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
7.5 HIGH

Unauthenticated remote JSON payload crashes the service with no user interaction, no confidentiality or integrity impact, only high availability impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Red Hat
7.5 HIGH
qualitative

Primary rating from NVD.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Analysis Updated
Jun 16, 2026 - 20:28 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 16, 2026 - 20:28 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 16, 2026 - 20:22 vuln.today
cvss_changed
Severity Changed
Jun 16, 2026 - 20:22 NVD
MEDIUM to HIGH
CVSS changed
Jun 16, 2026 - 20:22 NVD
5.3 (MEDIUM) to 7.5 (HIGH)
Analysis Generated
Jun 05, 2026 - 00:31 vuln.today

Description (NVD)

In OpenStack Ironic 32 through 35.0.1, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash.

Analysis (AI)

Denial of service in OpenStack Ironic versions 32 through 35.0.1 allows remote unauthenticated attackers to crash the bare-metal provisioning service by submitting a crafted JSON payload to certain API or JSON-RPC endpoints. CVSS 7.5 reflects high availability impact with no authentication required, though EPSS is only 0.04% (12th percentile) and SSVC marks exploitation as 'none' - no public exploit identified at time of analysis. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Identify exposed Ironic API or JSON-RPC endpoint
Delivery: Craft malicious JSON payload
Exploit: Send unauthenticated request to vulnerable endpoint
Execution: Trigger unbounded resource consumption (CWE-770)
Persist: Crash Ironic service process
Impact: Disrupt bare-metal provisioning availability

Vulnerability Assessment (AI)

Exploitation: Exploitation requires network reachability to either the Ironic REST API or the JSON-RPC service on an OpenStack deployment running Ironic version 32 through 35.0.1, and the ability to submit a crafted JSON body to one of the affected endpoints; no authentication, user interaction, or non-default configuration is needed per CVSS AV:N/AC:L/PR:N/UI:N. …

Risk Assessment: Signals diverge meaningfully here: CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/A:H) frames this as a high-severity remotely reachable DoS, and SSVC flags it as automatable with partial technical impact, both of which argue for prompt patching in environments where the Ironic API or JSON-RPC port is reachable by untrusted networks. …

Exploit Scenario: An attacker with network reachability to the Ironic API or JSON-RPC port sends a single crafted JSON request to a vulnerable endpoint without authenticating, causing the Ironic service process to crash and halting bare-metal provisioning and node management until the daemon is restarted. Repeated submissions can keep the service unavailable, disrupting tenant deployments and any automation that depends on Ironic. …

Remediation: Upstream fix available per OSSN-0099 and the Launchpad bug; a released patched version is not independently confirmed from the input data, so operators should consult OSSN-0099 (https://wiki.openstack.org/wiki/OSSN/OSSN-0099) and the Ironic stable branch advisories to identify the specific 35.0.x or later point release that contains the fix and upgrade accordingly. …

Recommended Action (AI)

Within 24 hours: Identify all OpenStack Ironic deployments; confirm which systems run versions 32, 33, 34, or 35.0.1; document network exposure of API and JSON-RPC endpoints. …


Vendor Status

SUSE

Severity: Moderate
