Openbmc

This hub aggregates every CVE we track for Openbmc, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Openbmc.

• CVE-2026-7254Open BMC Denial of Service5.3May 27, 2026
• CVE-2024-35124IBM OpenBMC authentication bypass7.5Aug 13, 2024
• CVE-2024-41660slpd-lite unauthenticated memory corruption9.8Jul 31, 2024
• CVE-2024-31916IBM OpenBMC information disclosure7.5Jun 27, 2024
• CVE-2023-31189Improper authentication in some Intel(R) Server Product OpenBMC firmware before version egs-1.09 may allow an authenticated user to enable escalation of privilege via local access.5.2Feb 14, 2024
• CVE-2023-32280Insufficiently protected credentials in some Intel(R) Server Product OpenBMC firmware before versions egs-1.05 may allow an unauthenticated user to enable information disclosure via network access.5.3Feb 14, 2024
• CVE-2021-39295In OpenBMC 2.9, crafted IPMI messages allow an attacker to cause a denial of service to the BMC via the netipmid (IPMI lan+) interface.7.5Apr 15, 2023
• CVE-2022-35729Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access.7.5Feb 16, 2023
• CVE-2022-29494Improper input validation in firmware for OpenBMC in some Intel(R) platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via n...6.5Feb 16, 2023
• CVE-2022-22488IBM OpenBMC denial of service4.9Nov 18, 2022
• CVE-2022-3409Unauthenticated out of bounds stack write in bmcweb8.2Oct 27, 2022
• CVE-2022-2809Unauthenticated out of bounds heap write in bmcweb8.2Oct 27, 2022
• CVE-2021-38960IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. IBM X-Force ID: 212047.7.5Feb 4, 2022
• CVE-2021-38961IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin...6.1Dec 27, 2021
• CVE-2021-39296In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system.10.0Sep 9, 2021