CVE Catalog
CVE-2026-50589
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk0.43%
35th percentile - higher than 35% of all known CVEs
Summary
In OpenStack Ironic versions 32 through 36.x before 37.0.0, an unauthenticated attacker can submit a crafted JSON string to certain API or JSON-RPC endpoints, causing a service crash.
Risk Assessment
The risk is a potential Denial of Service (DoS) attack on the Ironic service, which can disrupt bare metal management in an OpenStack cloud.
Recommendation
It is recommended to immediately upgrade OpenStack Ironic to version 37.0.0 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash.

