CVE-2026-42510 — OpenStack Ironic through 25.0.0 allows ipmitool execution

/MEDIUM /CVSS 6.6/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
National Vulnerability Database vulnerabilitycvemedium-severitycwe-829
CVE-2026-42510 — OpenStack Ironic through 25.0.0 allows ipmitool execution

CVE-2026-42510 — OpenStack Ironic through 25.0.0 allows ipmitool execution in a non-default configuration that has a console interface.

What This Means For You

  • If your environment is affected by CWE-829, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-42510 updates and patches.

Related ATT&CK Techniques

T1207 Rogue Domain Controller Privilege Escalation T1078.002 Valid Accounts: Domain Accounts Initial Access

🛡️ Detection Rules

2 rules · 6 SIEM formats

2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

high T1207 Privilege Escalation

CVE-2026-42510 - OpenStack Ironic ipmitool Execution via Console Interface

Sigma YAML — free preview 
title: CVE-2026-42510 - OpenStack Ironic ipmitool Execution via Console Interface
id: scw-2026-04-28-ai-1
status: experimental
level: high
description: |
  Detects the execution of 'ipmitool' which is leveraged by CVE-2026-42510 in OpenStack Ironic. This rule specifically looks for 'ipmitool' being run in conjunction with 'openstack' and 'ironic' in the command line, indicating a potential exploitation of the vulnerability in a non-default configuration with a console interface.
author: SCW Feed Engine (AI-generated)
date: 2026-04-28
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-42510/
tags:
  - attack.privilege_escalation
  - attack.t1207
logsource:
    category: process_creation
detection:
  selection:
      Image|endswith:
          - 'ipmitool'
      CommandLine|contains:
          - 'openstack'
          - 'ironic'
      condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-42510 vulnerability CVE-2026-42510
CWE-829 weakness CWE-829

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedApril 28, 2026 at 09:16 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-6521 — Denial of Service

CVE-2026-6521 — OpenFlow v5 protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

vulnerabilityCVEmedium-severitydenial-of-servicecwe-835
/SCW Vulnerability Desk /MEDIUM /5.5 /⚑ 2 IOCs /⚙ 1 Sigma

CVE-2026-6520 — Denial of Service

CVE-2026-6520 — OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

vulnerabilityCVEmedium-severitydenial-of-servicecwe-835
/SCW Vulnerability Desk /MEDIUM /5.5 /⚑ 2 IOCs /⚙ 2 Sigma

CVE-2026-6519 — Denial of Service

CVE-2026-6519 — MBIM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

vulnerabilityCVEmedium-severitydenial-of-servicecwe-835
/SCW Vulnerability Desk /MEDIUM /5.5 /⚑ 2 IOCs /⚙ 2 Sigma