PYSEC-2026-2526

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/ironic-python-agent/PYSEC-2026-2526.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-2526
Aliases
Published
2026-07-13T15:15:38.280049Z
Modified
2026-07-13T16:31:57.972304559Z
Severity
  • 7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
Summary
OpenStack Ironic has an Incorrect Resource Transfer Between Spheres
Details

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token (which provides access to all OpenStack services Ironic is authorized for); or basic credentials configured for molds storage. The fixed versions are 26.1.6, 29.0.5, 32.0.1, and 35.0.1.

References

Affected packages

PyPI / ironic-python-agent

Package

Name
ironic-python-agent
View open source insights on deps.dev
Purl
pkg:pypi/ironic-python-agent

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
26.1.6
Introduced
27.0.0
Fixed
29.0.5
Introduced
30.0.0
Fixed
32.0.1
Introduced
33.0.0
Fixed
35.0.1

Affected versions

0.*
0.0.1
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.1.0
1.2.0
1.2.1
1.2.2
1.2.3
1.3.0
1.4.0
1.5.0
1.5.1
1.5.2
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.1.0
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
3.*
3.0.0
3.1.0
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.3.0
3.3.1
3.3.2
3.3.3
3.4.0
3.5.0
3.6.0
3.6.1
3.6.2
3.6.3
3.6.4
3.6.5
3.7.0
4.*
4.0.0
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
6.*
6.0.0
6.1.0
6.1.1
6.1.2
6.1.3
6.2.0
6.3.0
6.4.0
6.4.1
6.4.2
6.4.3
6.4.4
6.5.0
6.6.0
7.*
7.0.0
7.0.1
7.0.2
7.1.0
8.*
8.0.0
8.1.0
8.2.0
8.2.1
8.2.2
8.2.3
8.3.0
8.4.0
8.5.0
8.5.1
8.5.2
8.5.3
8.6.0
9.*
9.0.0
9.1.0
9.1.1
9.2.0
9.3.0
9.4.0
9.4.1
9.4.2
9.4.3
9.5.0
9.6.0
9.7.0
9.7.1
9.7.2
9.7.3
9.8.0
9.9.0
9.10.0
9.11.0
9.11.1
9.11.2
9.11.3
9.12.0
9.13.0
9.14.0
9.14.1
10.*
10.0.0
10.1.0
10.2.0
10.2.1
10.2.2
11.*
11.0.0
11.1.0
11.2.0
11.3.0
11.4.0
11.5.0
11.6.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/ironic-python-agent/PYSEC-2026-2526.yaml"