
=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN643
_____________________________________________________________________

DATE                : 17/06/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Ironic versions prior to
                     29.0.6, 32.0.2, 35.0.2, 37.0.1, and
                     ironic-python-agent versions prior to
                     10.2.3, 11.2.1, 11.5.1.

=====================================================================
https://security.openstack.org/ossa/OSSA-2026-023.html
https://wiki.openstack.org/wiki/OSSN/OSSN-0100
_____________________________________________________________________

OSSA-2026-023: Sensitive properties returned unredacted in POST and
PATCH HTTP responses

Date:    June 16, 2026
CVE:    CVE-2026-54421

Affects

    Ironic: >=17.0.0 <29.0.6, >=30.0.0 <32.0.2, >=33.0.0 <35.0.2,
            >=36.0.0 <37.0.1

Description

Tuomo Tanskanen (Ericsson Software Technology) and Dmitry Tantsur
(Red Hat) of the Metal3.io Security Team discovered a
vulnerability in Ironic API RBAC handling, where a user with a
valid token and credentials to send a POST or PATCH request to
/v1/volume/targets can have potentially sensitive properties
returned in the response unredacted, such as iSCSI credentials.

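As an added example (not Ironic project code, nor the reporters'): a check for whether a deployment still echoes volume-target secrets back in POST/PATCH responses. The sensitive-key pattern, the sample CHAP properties and the redaction placeholder are assumptions; `probe` uses the field names of the public /v1/volume/targets API (microversion 1.32 assumed as the minimum that exposes volume targets) and creates then deletes a target, so run it only against a test node.

```python
"""Detect volume-target secrets echoed back by POST/PATCH on /v1/volume/targets.

Added example for OSSA-2026-023; not Ironic project code. The check: submit
properties containing a known secret, then see whether the write response
returns that exact value while a GET for the same object redacts it. Everything
below runs offline on the constructed samples; `probe` does the same against a
live API and is only ever called explicitly.
"""
import json
import re
import urllib.request

# Assumption: property keys that carry credentials for iSCSI/CHAP-style targets.
# Extend for your storage driver; only keys matching this pattern are checked.
SENSITIVE_KEY_RE = re.compile(r"password|passwd|secret|chap|token", re.IGNORECASE)


def find_unredacted(submitted_properties, response_body):
    """Return sensitive keys whose submitted value appears verbatim in the response.

    A redacting API replaces the value with a placeholder or drops it, so an
    exact match means the secret came back in clear text.
    """
    returned = response_body.get("properties") or {}
    leaked = [
        key for key, value in submitted_properties.items()
        if SENSITIVE_KEY_RE.search(key) and returned.get(key) == value
    ]
    return sorted(leaked)


def assess(submitted_properties, write_response, get_response):
    """Classify one POST/PATCH response against a GET read-back of the same target.

    'vulnerable'   the write response returned a secret that the GET redacts
    'not_redacted' the secret is visible in both; this role may read it, so the
                   result says nothing about the bug
    'patched'      no secret came back from the write response
    """
    write_leak = set(find_unredacted(submitted_properties, write_response))
    get_leak = set(find_unredacted(submitted_properties, get_response))
    if not write_leak:
        return "patched"
    if write_leak - get_leak:
        return "vulnerable"
    return "not_redacted"


def probe(endpoint, token, node_uuid, volume_id, properties, api_version="1.32"):
    """Live check against a TEST node: create a target, read it back, delete it."""
    headers = {"X-Auth-Token": token, "X-OpenStack-Ironic-API-Version": api_version,
               "Content-Type": "application/json"}

    def call(method, path, body=None):
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(endpoint + path, data=data, headers=headers, method=method)
        with urllib.request.urlopen(req) as resp:
            raw = resp.read()
            return json.loads(raw) if raw else {}

    created = call("POST", "/v1/volume/targets", {
        "node_uuid": node_uuid, "volume_type": "iscsi", "boot_index": 0,
        "volume_id": volume_id, "properties": properties,
    })
    try:
        fetched = call("GET", "/v1/volume/targets/" + created["uuid"])
        return assess(properties, created, fetched)
    finally:
        call("DELETE", "/v1/volume/targets/" + created["uuid"])  # clean up the test target


# Constructed sample data: a CHAP-protected iSCSI target as a client would submit it.
SUBMITTED = {
    "target_iqn": "iqn.2026-06.example:target0",
    "target_lun": 1,
    "auth_method": "CHAP",
    "auth_username": "initiator",
    "auth_password": "s3cr3t-chap",
}
TARGET_UUID = "0f5d3c0e-1234-4a55-9b77-000000000001"  # constructed
# Constructed POST response from an unpatched API: properties echoed unchanged.
UNPATCHED_POST = {"uuid": TARGET_UUID, "properties": dict(SUBMITTED)}
# Constructed GET response: same object with the credential replaced by a placeholder.
REDACTED_GET = {"uuid": TARGET_UUID, "properties": {**SUBMITTED, "auth_password": "******"}}

if __name__ == "__main__":
    print("unpatched sample:", assess(SUBMITTED, UNPATCHED_POST, REDACTED_GET))
    print("patched sample:  ", assess(SUBMITTED, REDACTED_GET, REDACTED_GET))
```

The GET read-back is the baseline: it shows what the caller's role is supposed to see, so a secret that is present in the write response but absent from the GET is exactly the unredacted-response condition the advisory describes, while a secret visible in both only means the role is entitled to it.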

Patches

    https://review.opendev.org/c/openstack/ironic/+/992335 (2023.1/antelope (unmaintained))

    https://review.opendev.org/c/openstack/ironic/+/992333 (2024.1/caracal (unmaintained))

    https://review.opendev.org/c/openstack/ironic/+/992326 (2025.1/epoxy)

    https://review.opendev.org/c/openstack/ironic/+/992325 (2025.2/flamingo)

    https://review.opendev.org/c/openstack/ironic/+/992321 (2026.1/gazpacho)

    https://review.opendev.org/c/openstack/ironic/+/990430 (2026.2/hibiscus (development))

    https://review.opendev.org/c/openstack/ironic/+/992323 (Bugfix/33.0)

    https://review.opendev.org/c/openstack/ironic/+/992322 (Bugfix/34.0)


Credits

    Tuomo Tanskanen from Ericsson Software Technology

    Dmitry Tantsur from Red Hat


References

    https://bugs.launchpad.net/ironic/+bug/2155049

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-54421


Notes

    The vulnerable code path has existed since Ironic 9.0.0
(OpenStack Pike), however, this could only be considered an
escalation of privileges after Ironic 17.0.0
(OpenStack Wallaby), when Ironic introduced the ability for
project-scoped users to interact via the owner/lessee model.

    Branches for 2024.1 (caracal) and 2023.1 (antelope) are
unmaintained. Patches are provided as a courtesy. Releases
2023.2 (bobcat) and 2024.2 (dalmatian) are end of life and
have not had patches provided. See
https://releases.openstack.org for more information on
supported releases.

    Ironic bugfix branch patches will be available in git
for interested operators. We will not perform an additional
release from these branches.

_____________________________________________________________________

OSSN/OSSN-0100


OSSN-0100
Command Injection in IPA via chroot Execution of Tenant-Controlled
binaries

Summary

Tuomo Tanskanen (Ericsson Software Technology) and Dmitry Tantsur
(Red Hat) from the Metal3.io Security Team reported a vulnerability
in Ironic Python Agent (IPA) when deploying a partition image that
lacks boot artifacts. A malicious partition image can include
crafted grub-install binary or other arbitrary binaries in the
chroot path which IPA executes on the provisioning network host.
This affects all partition images that require Ironic to manage the
bootloader installation (BIOS-booted nodes without boot artifacts).

The practical impact is limited; the attacker needs the ability to
supply a partition image for bare-metal deployment and at the point
of exploitation, IPA holds only an outdated agent_token and a
heavily redacted node object.

Whole disk images are not affected and partition images that include
their own EFI boot artifacts at /boot and /efi are also not affected
as Ironic copies them without executing grub-install.


Affected Services / Software

    ironic: <29.0.6, >=30.0.0 <32.0.2, >=33.0.0 <35.0.2, >=36.0.0 <37.0.0
    ironic-python-agent: <10.2.3, >=11.0.0 <11.2.1, >=11.3.0 <11.5.1


Discussion

As it is not feasible to secure execution of a bootloader install
binary due to technical limitations, the Ironic team has chosen to
make this feature optional and disabled by default in the current
development version.

Backported versions of this change do not enable this restriction by
default to avoid breaking existing installations.

The vulnerable code path has existed for the entirety of the history
of Ironic Python Agent, however, there are safeguards in place to
prevent escalation of privileges from the provisioning network.
Additionally, prior to Ironic 17.0.0, only cloud administrators
could supply images for deployment, limiting the impact of this
issue.


Recommended Actions

Apply the provided Ironic and Ironic-Python-Agent patches.

Evaluate your use cases; once you have confirmed that you are not
using any partition images that rely on a bootloader installation,
set ``CONF.agent.enable_bios_bootloader_install`` to ``False`` on
the Ironic conductors.
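As an added example (not Ironic project code, nor the reporters'): an audit that tells you, before you flip the option, which nodes would lose the bootloader-install path. It takes node objects in the Ironic API representation (the body of `GET /v1/nodes/detail`, or `openstack baremetal node show -f json` output) on stdin, falling back to a constructed sample; the field names it inspects (instance_info.image_type, instance_info.kernel/ramdisk, boot_mode, properties.capabilities) are assumptions about what your Ironic version reports, so compare them with your own node output first.

```python
"""Find Ironic nodes whose deployments need the bootloader-install path.

Added example for OSSN-0100; not Ironic project code. Reports which nodes would
be affected by setting [agent]enable_bios_bootloader_install = False and
renders the matching ironic.conf fragment. Field names are assumptions about the
node representation (see the lead-in).
"""
import json
import sys


def is_partition_image(instance_info):
    """Partition images set image_type=partition; older deployments carry kernel/ramdisk refs."""
    image_type = instance_info.get("image_type")
    if image_type:
        return image_type == "partition"
    return bool(instance_info.get("kernel") or instance_info.get("ramdisk"))


def boot_mode(node):
    """Resolve the boot mode from the node's boot_mode field or its boot_mode capability."""
    if node.get("boot_mode"):
        return node["boot_mode"]
    caps = (node.get("properties") or {}).get("capabilities") or ""
    if isinstance(caps, dict):
        return caps.get("boot_mode", "unknown")
    for item in caps.split(","):  # capabilities string: "boot_mode:bios,boot_option:local"
        key, _, value = item.strip().partition(":")
        if key == "boot_mode" and value:
            return value
    return "unknown"


def audit(nodes):
    """Group nodes by what disabling the bootloader install would do to them.

    blocked: partition image on a BIOS (or unknown) boot mode; IPA must run
             grub-install inside the image, so these fail with the option off.
    review:  partition image on UEFI; unaffected only if the image ships its
             own /boot and /efi artifacts, which node data cannot show.
    ok:      whole-disk image, or nothing deployed.
    """
    report = {"blocked": [], "review": [], "ok": []}
    for node in nodes:
        name = node.get("name") or node.get("uuid")
        instance_info = node.get("instance_info") or {}
        if not is_partition_image(instance_info):
            report["ok"].append(name)
        elif boot_mode(node) == "uefi":
            report["review"].append(name)
        else:
            report["blocked"].append(name)
    return report


def conductor_config(disable):
    """Render the ironic.conf fragment for the conductor option named in the OSSN."""
    return "[agent]\nenable_bios_bootloader_install = %s\n" % (not disable)


def load_nodes(stream):
    """Accept a /v1/nodes/detail body ({"nodes": [...]}), a bare list, or one node-show object."""
    data = json.load(stream)
    if isinstance(data, dict):
        return data.get("nodes", [data])
    return data


# Constructed sample: not real nodes.
SAMPLE_NODES = [
    {"uuid": "11111111-0000-4000-8000-000000000001", "name": "node-a",
     "instance_info": {"image_type": "partition", "kernel": "k", "ramdisk": "r"},
     "properties": {"capabilities": "boot_mode:bios,boot_option:local"}},
    {"uuid": "11111111-0000-4000-8000-000000000002", "name": "node-b",
     "instance_info": {"image_type": "whole-disk-image"}, "properties": {}},
    {"uuid": "11111111-0000-4000-8000-000000000003", "name": "node-c", "boot_mode": "uefi",
     "instance_info": {"kernel": "k", "ramdisk": "r"}, "properties": {}},
    {"uuid": "11111111-0000-4000-8000-000000000004", "name": "node-d",
     "instance_info": {}, "properties": {"capabilities": "boot_mode:bios"}},
]

if __name__ == "__main__":
    nodes = SAMPLE_NODES if sys.stdin.isatty() else load_nodes(sys.stdin)
    report = audit(nodes)
    for group, names in report.items():
        print("%-8s %s" % (group + ":", ", ".join(names) or "-"))
    # Only disable the option once no node depends on it.
    print(conductor_config(disable=not report["blocked"]))
```

Usage: `curl -s -H "X-Auth-Token: $TOKEN" $IRONIC/v1/nodes/detail | python3 audit_bootloader.py`. Nodes in "review" still need the image itself inspected for /boot and /efi artifacts, since the node record does not say whether Ironic will copy them or run grub-install.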

Patches

The following reviews contain the fix for this issue:


Ironic

    2026.2/hibiscus (development): https://review.opendev.org/c/openstack/ironic/+/990724
    2026.1/gazpacho: https://review.opendev.org/c/openstack/ironic/+/991179
    2025.2/flamingo: https://review.opendev.org/c/openstack/ironic/+/993685
    2025.1/epoxy: https://review.opendev.org/c/openstack/ironic/+/993684
    2024.1/caracal (unmaintained): https://review.opendev.org/c/openstack/ironic/+/993686
    2023.1/antelope (unmaintained): https://review.opendev.org/c/openstack/ironic/+/993687
    bugfix/33.0: https://review.opendev.org/c/openstack/ironic/+/993682
    bugfix/34.0: https://review.opendev.org/c/openstack/ironic/+/993683
    bugfix/37.0: Ironic 37.0.0 is not vulnerable.

Ironic Python Agent

    2026.2/hibiscus (development): https://review.opendev.org/c/openstack/ironic-python-agent/+/987391
    2026.1/gazpacho: https://review.opendev.org/c/openstack/ironic-python-agent/+/993016
    2025.2/flamingo: https://review.opendev.org/c/openstack/ironic-python-agent/+/993020
    2025.1/epoxy: https://review.opendev.org/c/openstack/ironic-python-agent/+/993024
    2024.1/caracal (unmaintained): https://review.opendev.org/c/openstack/ironic-python-agent/+/993025
    2023.1/antelope (unmaintained): https://review.opendev.org/c/openstack/ironic-python-agent/+/993026
    bugfix/11.3: https://review.opendev.org/c/openstack/ironic-python-agent/+/993464
    bugfix/11.4: https://review.opendev.org/c/openstack/ironic-python-agent/+/993463
    bugfix/11.6: IPA 11.6.0 is not vulnerable.

Credits

    Dmitry Tantsur, Red Hat
    Tuomo Tanskanen, Ericsson Software Technology
    Metal3.io Security Team


Contacts / References

Authors:

    Jay Faulkner, G-Research Open Source Software (GR-OSS)

This OSSN: https://wiki.openstack.org/wiki/OSSN/OSSN-0100

Original Launchpad bug: https://bugs.launchpad.net/ironic-python-agent/+bug/2148310

Mailing List : [security-sig] tag on openstack-discuss@lists.openstack.org

OpenStack Security : https://security.openstack.org/

CVE: CVE-2026-43003


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================