CVE-2026-42997
HIGHDescription
An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token (which provides access to all OpenStack services Ironic is authorized for); or basic credentials configured for molds storage. The fixed versions are 26.1.6, 29.0.5, 32.0.1, and 35.0.1.
Is your site exposed to CVE-2026-42997?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2026-42997? +
How severe is CVE-2026-42997? +
How do I check if I'm vulnerable to CVE-2026-42997? +
Related Vulnerabilities
Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable …
mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the …
Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if …
An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that …
Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides …
Inappropriate implementation in AI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process …