PatchSiren cyber security CVE debrief

CVE-2026-50589 OpenStack CVE debrief

CVE-2026-50589 is a vulnerability in OpenStack Ironic 32 before 37.0.0. An unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash. The CVSS score for this vulnerability is 5.3, and the severity is MEDIUM.

Vendor: OpenStack
Product: Ironic
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-05
Original CVE updated: 2026-06-09
Advisory published: 2026-06-05
Advisory updated: 2026-06-09

Who should care

Users of OpenStack Ironic 32 before 37.0.0 should be aware of this vulnerability and take steps to mitigate it.

Technical summary

The vulnerability exists in OpenStack Ironic 32 before 37.0.0. An unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.

Defensive priority

MEDIUM

Recommended defensive actions

Update to OpenStack Ironic 37.0.0 or later
Restrict access to API and JSON-RPC services

Evidence notes

The CVE record was published on 2026-06-05T00:17:09.213Z and modified on 2026-06-09T16:16:43.850Z. The vulnerability was reported via Launchpad and OpenStack OSSN.

Official resources

CVE-2026-50589 CVE record
CVE.org
CVE-2026-50589 NVD detail
NVD
Source item URL
nvd_modified
Source reference
[email protected]
Source reference
[email protected]
Source reference
af854a3a-2127-422b-91ae-364da2661108

CVE-2026-50589 was published on 2026-06-05T00:17:09.213Z and modified on 2026-06-09T16:16:43.850Z.