UBUNTU-CVE-2026-54423

Source
https://ubuntu.com/security/CVE-2026-54423
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-54423.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-54423
Upstream
  • CVE-2026-54423
Published
2026-07-10T04:17:00Z
Modified
2026-07-15T19:47:41.209873995Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control.

References

Affected packages

Ubuntu:16.04:LTS
ironic

Package

Name
ironic
Purl
pkg:deb/ubuntu/ironic?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:4.*
1:4.2.0-0ubuntu1
1:4.3.0-0ubuntu1
1:5.*
1:5.1.0-0ubuntu1
1:5.1.2-0ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1:5.1.2-0ubuntu1",
            "binary_name": "ironic-api"
        },
        {
            "binary_version": "1:5.1.2-0ubuntu1",
            "binary_name": "ironic-common"
        },
        {
            "binary_version": "1:5.1.2-0ubuntu1",
            "binary_name": "ironic-conductor"
        },
        {
            "binary_version": "1:5.1.2-0ubuntu1",
            "binary_name": "python-ironic"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-54423.json"
Ubuntu:18.04:LTS
ironic

Package

Name
ironic
Purl
pkg:deb/ubuntu/ironic?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:9.*
1:9.1.0-0ubuntu2
1:9.2.0-0ubuntu1
1:10.*
1:10.0.0-0ubuntu1
1:10.1.0-0ubuntu1
1:10.1.1-0ubuntu1
1:10.1.1-0ubuntu2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1:10.1.1-0ubuntu2",
            "binary_name": "ironic-api"
        },
        {
            "binary_version": "1:10.1.1-0ubuntu2",
            "binary_name": "ironic-common"
        },
        {
            "binary_version": "1:10.1.1-0ubuntu2",
            "binary_name": "ironic-conductor"
        },
        {
            "binary_version": "1:10.1.1-0ubuntu2",
            "binary_name": "python-ironic"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-54423.json"
Ubuntu:20.04:LTS
ironic

Package

Name
ironic
Purl
pkg:deb/ubuntu/ironic?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:13.*
1:13.0.1-0ubuntu1
1:14.*
1:14.0.0~b1~git2019121713.76597ca93-0ubuntu1
1:14.0.0~b1~git2019121713.76597ca93-0ubuntu2
1:14.0.0-0ubuntu1
1:14.0.1~git2020032415.de2d907fc-0ubuntu1
1:14.0.1~git2020041013.af9e6ba90-0ubuntu2
1:15.*
1:15.0.0-0ubuntu0.20.04.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1:15.0.0-0ubuntu0.20.04.1",
            "binary_name": "ironic-api"
        },
        {
            "binary_version": "1:15.0.0-0ubuntu0.20.04.1",
            "binary_name": "ironic-common"
        },
        {
            "binary_version": "1:15.0.0-0ubuntu0.20.04.1",
            "binary_name": "ironic-conductor"
        },
        {
            "binary_version": "1:15.0.0-0ubuntu0.20.04.1",
            "binary_name": "python3-ironic"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-54423.json"
Ubuntu:22.04:LTS
ironic

Package

Name
ironic
Purl
pkg:deb/ubuntu/ironic?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:18.*
1:18.2.0-0ubuntu1
1:18.2.0+git2021120910.cdc3b9538-0ubuntu1
1:19.*
1:19.0.0+git2022011216.7beadee46-0ubuntu1
1:20.*
1:20.0.0+git2022030313.4e6a3d52e-0ubuntu1
1:20.1.0-0ubuntu1
1:20.1.0-0ubuntu1.1
1:20.1.0-0ubuntu1.2
1:20.1.0-0ubuntu1.3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1:20.1.0-0ubuntu1.3",
            "binary_name": "ironic-api"
        },
        {
            "binary_version": "1:20.1.0-0ubuntu1.3",
            "binary_name": "ironic-common"
        },
        {
            "binary_version": "1:20.1.0-0ubuntu1.3",
            "binary_name": "ironic-conductor"
        },
        {
            "binary_version": "1:20.1.0-0ubuntu1.3",
            "binary_name": "python3-ironic"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-54423.json"
Ubuntu:24.04:LTS
ironic

Package

Name
ironic
Purl
pkg:deb/ubuntu/ironic?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:23.*
1:23.0.0-0ubuntu3
1:23.1.0+git2024011916.a374a0c1-0ubuntu1
1:24.*
1:24.1.0-0ubuntu1
1:24.1.1-0ubuntu1
1:24.1.1-0ubuntu1.2
1:24.1.1-0ubuntu1.3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1:24.1.1-0ubuntu1.3",
            "binary_name": "ironic-api"
        },
        {
            "binary_version": "1:24.1.1-0ubuntu1.3",
            "binary_name": "ironic-common"
        },
        {
            "binary_version": "1:24.1.1-0ubuntu1.3",
            "binary_name": "ironic-conductor"
        },
        {
            "binary_version": "1:24.1.1-0ubuntu1.3",
            "binary_name": "python3-ironic"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-54423.json"
Ubuntu:25.10
ironic

Package

Name
ironic
Purl
pkg:deb/ubuntu/ironic?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:29.*
1:29.0.0-0ubuntu1
1:30.*
1:30.0.0+git2025070713.577833d78-0ubuntu1
1:30.0.0+git2025070713.577833d78-0ubuntu2
1:32.*
1:32.0.0-0ubuntu1
1:32.0.0-0ubuntu1.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1:32.0.0-0ubuntu1.1",
            "binary_name": "ironic-api"
        },
        {
            "binary_version": "1:32.0.0-0ubuntu1.1",
            "binary_name": "ironic-common"
        },
        {
            "binary_version": "1:32.0.0-0ubuntu1.1",
            "binary_name": "ironic-conductor"
        },
        {
            "binary_version": "1:32.0.0-0ubuntu1.1",
            "binary_name": "python3-ironic"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-54423.json"
Ubuntu:26.04:LTS
ironic

Package

Name
ironic
Purl
pkg:deb/ubuntu/ironic?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:32.*
1:32.0.0-0ubuntu1
1:34.*
1:34.0.0-0ubuntu1
1:35.*
1:35.0.0-0ubuntu1
1:35.0.0-0ubuntu2
1:35.0.0-0ubuntu2.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1:35.0.0-0ubuntu2.1",
            "binary_name": "ironic-api"
        },
        {
            "binary_version": "1:35.0.0-0ubuntu2.1",
            "binary_name": "ironic-common"
        },
        {
            "binary_version": "1:35.0.0-0ubuntu2.1",
            "binary_name": "ironic-conductor"
        },
        {
            "binary_version": "1:35.0.0-0ubuntu2.1",
            "binary_name": "python3-ironic"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-54423.json"