VYPR

PyPI package

ironic-python-agent

pkg:pypi/ironic-python-agent

Vulnerabilities (2)

  • CVE-2026-42997HigMay 5, 2026
    affected >= 33.0.0, < 35.0.1fixed 35.0.1

    An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token (which provides access to all OpenStack services Ironic is

  • CVE-2026-43003HigMay 1, 2026
    affected >= 1.0.0, <= 11.5.0

    An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition image, leading to code execution in the case of a malicious image.