CVE-2026-42997 Overview
CVE-2026-42997 is a credential exposure vulnerability in the idrac driver of OpenStack Ironic before version 35.0.1. During the import of molds, an authenticated user can request that authorization credentials be sent to a remote endpoint of their choosing. The forwarded credential is either a time-limited Keystone token granting access to all OpenStack services Ironic is authorized for, or basic credentials configured for molds storage. This exposure constitutes an Improper Resource Exposure flaw [CWE-669].
Critical Impact
An authenticated attacker can capture Keystone tokens or basic auth credentials and pivot to any OpenStack service Ironic can access.
Affected Products
- OpenStack Ironic versions before 26.1.6
- OpenStack Ironic 27.x through 29.0.4
- OpenStack Ironic 30.x through 32.0.0 and 33.x through 35.0.0
Discovery Timeline
- 2026-05-05 - CVE-2026-42997 published to NVD with OpenStack Security Advisory OSSA-2026-010
- 2026-05-07 - Last updated in NVD database
Technical Details for CVE-2026-42997
Vulnerability Analysis
The flaw resides in the idrac driver's mold import workflow within OpenStack Ironic. Molds are configuration templates used to provision baremetal servers managed through the Integrated Dell Remote Access Controller (iDRAC). When a user invokes mold import, the API accepts a remote endpoint parameter that controls where authorization headers are transmitted.
Ironic forwards one of two credential types to the attacker-supplied endpoint. The first is a Keystone authentication token, which grants access to every OpenStack service Ironic is authorized to invoke. The second is the basic authentication credential pair configured for the mold storage backend. Either credential allows an attacker to impersonate the Ironic service or access the mold storage directly.
This behavior maps to [CWE-669] Incorrect Resource Transfer Between Spheres, where sensitive material crosses a trust boundary into an attacker-controlled domain. The scope changes from the requesting user's authorization to the broader Ironic service authorization, amplifying impact.
Root Cause
The idrac mold import handler does not validate or restrict the destination endpoint before attaching authorization headers. User-controlled input determines the recipient of credentials intended only for trusted internal storage systems.
Attack Vector
An authenticated user with permission to invoke mold operations submits an import request specifying a remote endpoint they control. Ironic dispatches an HTTP request to that endpoint with a Keystone token or basic credentials attached. The attacker captures the credential and replays it against OpenStack APIs or the mold storage backend.
No synthetic exploit code is published. See OSSA-2026-010 and the Openwall OSS Security discussion for technical details.
Detection Methods for CVE-2026-42997
Indicators of Compromise
- Ironic conductor logs showing outbound HTTP requests to unexpected or external hosts during idrac mold import operations.
- Keystone audit events recording token usage from IP addresses outside the OpenStack control plane.
- Mold import API calls referencing remote endpoints that do not match approved internal storage URLs.
Detection Strategies
- Audit ironic-conductor logs for import_configuration_molds invocations and correlate the destination URL against an allowlist of trusted storage endpoints.
- Monitor Keystone token issuance for the Ironic service account and flag tokens used from non-Ironic source addresses.
- Inspect egress network flows from Ironic conductor nodes for connections to non-RFC1918 destinations not associated with managed BMCs.
Monitoring Recommendations
- Forward Ironic API and conductor logs to a centralized SIEM and alert on mold import requests with externally-resolvable target URLs.
- Track changes to the [molds] configuration section in ironic.conf and alert on credential or endpoint modifications.
- Establish a baseline of legitimate mold storage endpoints and alert when traffic deviates from that baseline.
How to Mitigate CVE-2026-42997
Immediate Actions Required
- Upgrade OpenStack Ironic to a fixed release: 26.1.6, 29.0.5, 32.0.1, or 35.0.1 depending on your maintenance branch.
- Rotate any Keystone credentials and basic authentication secrets used by the Ironic mold storage backend after patching.
- Restrict the baremetal:node:import and related mold policies to trusted operators only until patching is complete.
Patch Information
The OpenStack Ironic project published fixed packages in versions 26.1.6, 29.0.5, 32.0.1, and 35.0.1. Operators should consult OSSA-2026-010 for the upstream patch references and distribution-specific backports.
Workarounds
- Disable the idrac hardware type in ironic.conf if iDRAC-managed baremetal nodes are not in use.
- Tighten the Ironic API policy file to deny mold import operations for non-administrative roles.
- Place egress filtering on Ironic conductor hosts to block outbound HTTP requests to destinations outside the managed BMC network.
# Example: restrict enabled hardware types and tighten policy
# /etc/ironic/ironic.conf
[DEFAULT]
enabled_hardware_types = ipmi,redfish
# /etc/ironic/policy.yaml
"baremetal:node:import": "role:admin and system_scope:all"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
