CVE-2026-50589
5.3 MEDIUMIn OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API o...
Published: 2026-06-05 · Last updated: 2026-06-09
Severity and scoring
- CVSS
- 5.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- CWE
- CWE-770
Description
In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-53781 — Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving med... (4.3 MEDIUM)
- CVE-2026-45802 — FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF
- CVE-2026-44488 — Axios is a promise based HTTP client for the browser and Node.js (7.5 HIGH)
- CVE-2026-7250 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19... (7.5 HIGH)
- CVE-2026-53423 — Allocation of Resources Without Limits or Throttling vulnerability in membraneframework membrane_mp4_plugin allows unauthenticated denial...