CVE-2026-40213

Summary

OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complete various actions such as reprogramming FPGA bitstreams on arbitrary compute nodes via agent RPC.

Affected Software

VendorProductVersion RangeStatus
OpenStackCyborg5.0.0 < 14.0.1affected
OpenStackCyborg15.0.0 < 15.0.1affected
OpenStackCyborg16.0.0 < 16.0.1affected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References