High severity7.7NVD Advisory· Published May 5, 2026· Updated May 7, 2026
CVE-2026-42997
CVE-2026-42997
Description
An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token (which provides access to all OpenStack services Ironic is authorized for); or basic credentials configured for molds storage. The fixed versions are 26.1.6, 29.0.5, 32.0.1, and 35.0.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ironic-python-agentPyPI | >= 33.0.0, < 35.0.1 | 35.0.1 |
ironic-python-agentPyPI | >= 30.0.0, < 32.0.1 | 32.0.1 |
ironic-python-agentPyPI | >= 27.0.0, < 29.0.5 | 29.0.5 |
ironic-python-agentPyPI | < 26.1.6 | 26.1.6 |
Affected products
1Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.