PYSEC-2026-216

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/ironic/PYSEC-2026-216.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-216
Aliases
  • CVE-2026-50589
Published
2026-06-05T00:17:09.213Z
Modified
2026-06-17T19:30:04.961866309Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash.

References

Affected packages

PyPI / ironic

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
32.0.0
Fixed
37.0.0

Affected versions

32.*
32.0.0
32.0.1
33.*
33.0.0
34.*
34.0.0
35.*
35.0.0
35.0.1
36.*
36.0.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/ironic/PYSEC-2026-216.yaml"