CVE-2026-40213_CVE-2026-40213

7.4 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Description

OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complete various actions such as reprogramming FPGA bitstreams on arbitrary compute nodes via agent RPC.

Basic Information

ID CVE-2026-40213

Source mitre

Published May 7, 2026 at 00:00

Modified May 7, 2026 at 21:57

Affected Product

Vendor OpenStack

Product Cyborg

Version 5.0.0

Affected Versions OpenStack Cyborg 5.0.0
OpenStack Cyborg 15.0.0
OpenStack Cyborg 16.0.0

CWE Classification

CWE-863

References

{
    "lastseen": "",
    "description": "OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complete various actions such as reprogramming FPGA bitstreams on arbitrary compute nodes via agent RPC.",
    "published": "2026-05-07T00:00:00.000Z",
    "modified": "2026-05-07T21:57:41.910Z",
    "type": "cve",
    "title": "CVE-2026-40213",
    "source": "mitre",
    "references": "https://bugs.launchpad.net/openstack-cyborg/+bug/2143263\nhttps://www.openwall.com/lists/oss-security/2026/05/07/6",
    "id": "CVE-2026-40213",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "OpenStack Cyborg 5.0.0\nOpenStack Cyborg 15.0.0\nOpenStack Cyborg 16.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.4,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cyborg",
    "version": "5.0.0",
    "vendor": "OpenStack",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}