Description
OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complete various actions such as reprogramming FPGA bitstreams on arbitrary compute nodes via agent RPC.
Published: 2026-05-07
Score: 7.4 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenStack Cyborg prior to version 16.0.1 ships a default policy in which several API endpoints map to rule:allow, whose check string is @. In oslo.policy, @ is the unconditional true check: any request carrying a valid Keystone token is authorized, and the caller's roles, project membership and token scope are never evaluated. An authenticated user with no role assignments can therefore perform privileged operations, such as reprogramming FPGA bitstreams on compute nodes through the agent RPC interface. The root cause is an incorrect authorization policy (CWE-863, Incorrect Authorization), and successful abuse means loss of integrity and control over the accelerator hardware on the affected compute nodes.

Affected Systems

The affected system is OpenStack Cyborg, a project within the OpenStack ecosystem. All releases older than 16.0.1 inherit the default permissive policy and are therefore vulnerable.

Risk and Exploitability

The CVSS 3.1 base score of 7.4 (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L) rates this flaw high severity: it is reachable over the network, needs no user interaction, and requires only low privileges, which here means any principal that can obtain a Keystone token, with no role assignments needed. The changed scope reflects that the API request is carried out by the agent on a compute node, so the effect is not confined to the Cyborg API service itself. No EPSS score is available and the CVE is not listed in KEV, so there is no public evidence of exploitation in the wild, but nothing in the flaw makes exploitation difficult. The likely attack vector is the public Cyborg API: once a token is obtained, for example by ordinary authentication as a low-privilege account, no further privilege check stands in the way. Where the Cyborg API endpoints are not additionally network-isolated from untrusted tenants, the risk of unintended hardware reprogramming rises accordingly.

Generated by OpenCVE AI on May 7, 2026 at 23:51 UTC.

Remediation

No vendor fix or workaround is recorded in this field. The CVE description itself identifies 16.0.1 as the first release without the permissive default, and the recommended actions below follow from that.

OpenCVE Recommended Actions

  • Apply the OpenStack Cyborg update to version 16.0.1 or later, which replaces the default @ rule with a stricter policy.
  • Modify the policy file (for an oslo.policy based service such as Cyborg, the policy.yaml override) to replace or remove the allow rule for the affected endpoints, so that role and scope checks are enforced for API access.
  • Conduct a comprehensive policy audit to verify that all API endpoints require appropriate roles and that no custom rules unintentionally re‑enable permissive access.
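The policy override and the policy audit in the two items above can be exercised against a model of the check-string language. The block below is an added example written for this page, not code from Cyborg or oslo.policy: a small evaluator for oslo.policy-style check strings that shows a zero-role token passing rule:allow (@) while failing a role- and project-scoped rule, plus an audit that flags every rule, including ones that reach @ only through rule: indirection, that still passes for a caller with no roles acting on another project. The two policy dicts, rule names such as cyborg:example:program, and the credential dicts are constructed for illustration and are not Cyborg's real defaults; real Cyborg overrides belong in the service's policy.yaml.

```python
"""Evaluator for oslo.policy-style check strings: '@', '!', 'role:NAME',
'rule:NAME', generic 'KEY:VALUE' (e.g. 'project_id:%(project_id)s'), and
and/or/not with parentheses.  Added example; not Cyborg or oslo.policy code."""
import re
from typing import List, Mapping

# A %(...)s substitution may contain parentheses, so a check is matched as a unit.
_TOKEN = re.compile(r"\(|\)|\band\b|\bor\b|\bnot\b|(?:%\([^)]*\)|[^\s()])+")


def evaluate(check: str, creds: Mapping, target: Mapping,
             policy: Mapping[str, str], _depth: int = 0) -> bool:
    """Return True if `check` authorizes `creds` to act on `target`."""
    if _depth > 16:
        raise RecursionError("rule: indirection too deep (cyclic policy?)")
    toks = _TOKEN.findall(check)
    pos = 0

    def peek():
        return toks[pos] if pos < len(toks) else None

    def take():
        nonlocal pos
        pos += 1
        return toks[pos - 1]

    # Precedence, lowest to highest: or, and, not, atom.  Both operands are
    # always evaluated so that every token is consumed and validated.
    def expr_or():
        result = expr_and()
        while peek() == "or":
            take()
            rhs = expr_and()
            result = result or rhs
        return result

    def expr_and():
        result = expr_not()
        while peek() == "and":
            take()
            rhs = expr_not()
            result = result and rhs
        return result

    def expr_not():
        if peek() == "not":
            take()
            return not expr_not()
        return primary()

    def primary():
        if peek() is None:
            raise ValueError(f"unexpected end of check string {check!r}")
        tok = take()
        if tok != "(":
            return atom(tok)
        val = expr_or()
        if peek() != ")":
            raise ValueError(f"missing ')' in {check!r}")
        take()
        return val

    def atom(tok):
        if tok == "@":      # TrueCheck: passes without looking at the caller
            return True
        if tok == "!":      # FalseCheck
            return False
        kind, sep, match = tok.partition(":")
        if not sep:
            raise ValueError(f"malformed check {tok!r} in {check!r}")
        if kind == "rule":  # follow the indirection; an unknown rule denies
            return evaluate(policy.get(match, "!"), creds, target, policy, _depth + 1)
        if kind == "role":
            return match.lower() in {r.lower() for r in creds.get("roles", [])}
        try:                # generic check: creds[kind] == match % target
            expected = match % target
        except KeyError:    # target lacks the attribute, so it cannot match
            return False
        return str(creds.get(kind)) == expected

    result = expr_or()
    if pos != len(toks):
        raise ValueError(f"trailing tokens in {check!r}")
    return result


def authorize(rule: str, creds: Mapping, target: Mapping,
              policy: Mapping[str, str]) -> bool:
    """Enforce the named policy rule, roughly like Enforcer.enforce()."""
    return evaluate(policy.get(rule, "!"), creds, target, policy)


def audit_unconditional(policy: Mapping[str, str]) -> List[str]:
    """Rules a zero-role caller passes against someone else's project."""
    nobody = {"roles": [], "project_id": "caller-project", "user_id": "caller-user"}
    foreign = {"project_id": "other-project", "user_id": "other-user"}
    return sorted(n for n, c in policy.items() if evaluate(c, nobody, foreign, policy))


# Constructed sample policies; the rule names are assumptions, not Cyborg's.
VULNERABLE_POLICY = {
    "allow": "@",
    "admin_api": "role:admin",
    "cyborg:example:program": "rule:allow",                # pre-16.0.1 pattern
    "cyborg:example:get": "rule:allow or rule:admin_api",  # '@' swallows the role check
}
HARDENED_POLICY = {
    "admin_api": "role:admin",
    "project_member": "role:member and project_id:%(project_id)s",
    "cyborg:example:program": "rule:admin_api",
    "cyborg:example:get": "rule:project_member or rule:admin_api",
}
```

With VULNERABLE_POLICY, authorize("cyborg:example:program", creds_with_no_roles, target, ...) returns True, and audit_unconditional lists allow, cyborg:example:get and cyborg:example:program; with HARDENED_POLICY the same call returns False and the audit list is empty. The audit principal deliberately has no roles and a project that does not match the target, so any rule it passes is one that no token attribute can restrict, which is exactly the class of rule the audit item above is meant to catch.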

Advisories

No advisories yet.

History

Fri, 08 May 2026 00:15:00 +0000

Type    Values Removed    Values Added
Title   -                 Unrestricted API Access Enables Unauthorized FPGA Reprogramming in OpenStack Cyborg

Thu, 07 May 2026 22:15:00 +0000

Type          Values Removed    Values Added
Description   -                 OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complete various actions such as reprogramming FPGA bitstreams on arbitrary compute nodes via agent RPC.
Weaknesses    -                 CWE-863
References
Metrics       -                 cvssV3_1 {'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L'}

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-07T21:57:41.910Z

Reserved: 2026-04-10T00:00:00.000Z

Link: CVE-2026-40213

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-07T22:16:34.910

Modified: 2026-05-07T22:16:34.910

Link: CVE-2026-40213

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-08T00:00:12Z

Weaknesses