IBM OPENBMC, Denial of Service, CVE-2026-7254 (Medium) -DC-Jun2026-135

Listen to this Post

CVE-2026-7254 is a denial of service (DoS) vulnerability affecting IBM OpenBMC firmware versions FW1110.00 through FW1110.11. The flaw resides in how the BMC’s network services process incoming network traffic. Specifically, the BMC’s IPMI (Intelligent Platform Management Interface) or Redfish web service contains a weakness that allows an unauthenticated attacker to cause the BMC to become unresponsive.
The vulnerability is triggered by sending specially crafted network packets to the BMC. Because the BMC is designed to operate independently of the host system, it is always accessible over the network, making it a prime target for remote attacks. When an attacker sends a malformed request, the BMC’s service handler enters an infinite loop or attempts to allocate an unbounded amount of memory. This leads to a resource exhaustion condition, causing the BMC to crash or enter a wedged state.
The CVSS version 3.1 score for CVE-2026-7254 is 5.3 (MEDIUM) with the vector string: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L. The attack complexity is low, and no privileges or user interaction are required. The impact is limited to availability (A:L), meaning the primary consequence is disruption of the BMC’s management functions.
In a successful attack, the BMC may stop responding to legitimate management requests, requiring a hard reset or power cycle to restore functionality. This can lead to downtime for the managed server, especially in data center environments where remote management is critical.
The vulnerability was discovered internally by IBM and publicly disclosed on May 27, 2026. IBM has released a patched firmware version FW1110.20 (1110_130) to address the issue. Users are strongly advised to upgrade to this version or later to mitigate the risk. In the absence of a patch, network-level access controls can be used to restrict communication with the BMC.
No public exploit code has been released at the time of writing, but the vulnerability is considered easy to trigger by a moderately skilled attacker. Administrators should treat the BMC’s network interface as a sensitive asset and apply the recommended updates immediately.

DailyCVE Form:

Platform: IBM OPENBMC
Version: FW1110.00-FW1110.11
Vulnerability: denial of service
Severity: Medium (5.3)
date: 2026-05-27

Prediction: Q3 2026

What Undercode Say:

Identify BMC on local network
nmap -p 80,443,623,664 192.168.1.0/24 --open
Attempt to trigger DoS using malformed IPMI packet
ipmitool -H 192.168.1.100 -U '' -P '' raw 0x06 0x52 0x00 0x00 0xFF 0xFF 0xFF 0xFF
Fuzz Redfish service with oversized payload
curl -X POST http://192.168.1.100/redfish/v1/SessionService/Sessions -d @/dev/zero --max-time 5
Monitor BMC availability after attack
while true; do ping -c1 192.168.1.100 || echo "BMC down"; sleep 1; done

How Exploit:

  • Send a series of malformed IPMI or Redfish requests to the BMC from an unauthenticated network position.
  • Requests cause resource exhaustion (e.g., CPU spin, memory leak) in the service handler.
  • BMC becomes unresponsive, requiring manual power cycle or hardware reset.

Protection:

  • Upgrade to IBM OpenBMC FW1110.20 (1110_130) or newer immediately.
  • Isolate BMC network interface behind a dedicated management VLAN or firewall.
  • Deploy network ACLs to restrict access to BMC ports (80,443,623,664) to trusted IPs only.

Impact:

  • Loss of remote management capabilities (KVM, virtual media, power control).
  • Potential server downtime if BMC is needed for recovery or monitoring.
  • In multi-tenant environments, a single exploited BMC can disrupt entire racks of servers.

🎯Let’s Practice Exploiting & Learn Patching For Free:

🎓 Live Courses & Certifications:

Join Undercode Academy for Verified Certifications

🚀 Request a Custom Project:

Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top