CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-50031: ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system management. It is most commonly used for sensor reading (e.g., CPU temperatures through the ipmi-sensors command within FreeIPMI) and remote power control (the ipmipower command). The ipmi-oem c

highCVSS 7.5CVE-2026-50031

CSIRTS triage

vendor: FreeIPMIproduct: FreeIPMIOtheraffected: before 1.6.18
What
There are exploitable buffer overflows on response messages in ipmi-oem.
Who is affected
Deployments using FreeIPMI versions before 1.6.18.
Urgency
Remediation is high urgency due to the high severity of the issue.
Action
Upgrade to FreeIPMI version 1.6.18 or later.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch FreeIPMI

Get an email when a new FreeIPMI advisory drops — max one per day, one-click unsubscribe.

Details

Source
Microsoft Security Response Center (INTL · vendor-psirt · site)
Severity
high — CVSS 7.5
Published
2026-06-09
Exploitation
Not in CISA KEV at last sync

Original advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50031

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-50031coverage & exploitation statusNVD · CVE.org

Same CVEs, other sources

How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.

More from Microsoft Security Response Center