VYPR
High severity7.7NVD Advisory· Published May 5, 2026· Updated May 7, 2026

CVE-2026-42997

CVE-2026-42997

Description

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token (which provides access to all OpenStack services Ironic is authorized for); or basic credentials configured for molds storage. The fixed versions are 26.1.6, 29.0.5, 32.0.1, and 35.0.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
ironic-python-agentPyPI
>= 33.0.0, < 35.0.135.0.1
ironic-python-agentPyPI
>= 30.0.0, < 32.0.132.0.1
ironic-python-agentPyPI
>= 27.0.0, < 29.0.529.0.5
ironic-python-agentPyPI
< 26.1.626.1.6

Affected products

1

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.