CVE-2026-54423
HIGH
NVD
CVSS Score
8.2
Severity
HIGH
Published
Jul 10, 2026
Vendor
unknown
Description
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control.