CVE-2026-54421
MEDIUM
6.8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Scope: changed
Confidentiality: high
Integrity: none
Availability: none
Description
In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information (such as iSCSI credentials). The PATCH outcome is a security issue; the POST outcome is not a security issue.
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
Incomplete
Common Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Files Or Directories
Read Application Data
Applicable Platforms
All platforms may be affected
https://bugs.launchpad.net/ironic/+bug/2155049