{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-40213", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-05-08T15:47:07.733Z", "dateReserved": "2026-04-10T00:00:00.000Z", "datePublished": "2026-05-07T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Cyborg", "vendor": "OpenStack", "versions": [{"lessThan": "14.0.1", "status": "affected", "version": "5.0.0", "versionType": "semver"}, {"lessThan": "15.0.1", "status": "affected", "version": "15.0.0", "versionType": "semver"}, {"lessThan": "16.0.1", "status": "affected", "version": "16.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complete various actions such as reprogramming FPGA bitstreams on arbitrary compute nodes via agent RPC."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-05-08T15:47:07.733Z"}, "references": [{"url": "https://bugs.launchpad.net/openstack-cyborg/+bug/2143263"}, {"url": "https://www.openwall.com/lists/oss-security/2026/05/07/6"}, {"url": "https://security.openstack.org/ossa/OSSA-2026-011.html"}], "x_generator": {"engine": "enrichogram 0.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-08T13:55:42.638626Z", "id": "CVE-2026-40213", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-08T13:55:55.552Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40213", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-08T13:55:42.638626Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-08T13:55:49.768Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OpenStack", "product": "Cyborg", "versions": [{"status": "affected", "version": "5.0.0", "lessThan": "14.0.1", "versionType": "semver"}, {"status": "affected", "version": "15.0.0", "lessThan": "15.0.1", "versionType": "semver"}, {"status": "affected", "version": "16.0.0", "lessThan": "16.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://bugs.launchpad.net/openstack-cyborg/+bug/2143263"}, {"url": "https://www.openwall.com/lists/oss-security/2026/05/07/6"}, {"url": "https://security.openstack.org/ossa/OSSA-2026-011.html"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complete various actions such as reprogramming FPGA bitstreams on arbitrary compute nodes via agent RPC."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-05-08T15:47:07.733Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40213", "state": "PUBLISHED", "dateUpdated": "2026-05-08T15:47:07.733Z", "dateReserved": "2026-04-10T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-05-07T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complete various actions such as reprogramming FPGA bitstreams on arbitrary compute nodes via agent RPC."}], "id": "CVE-2026-40213", "lastModified": "2026-05-08T16:16:10.770", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 3.7, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2026-05-07T22:16:34.910", "references": [{"source": "cve@mitre.org", "url": "https://bugs.launchpad.net/openstack-cyborg/+bug/2143263"}, {"source": "cve@mitre.org", "url": "https://security.openstack.org/ossa/OSSA-2026-011.html"}, {"source": "cve@mitre.org", "url": "https://www.openwall.com/lists/oss-security/2026/05/07/6"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[5.0.0,14.0.1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[15.0.0,15.0.1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[16.0.0,16.0.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Cyborg", "source": "cna", "vendor": "OpenStack"}, "product": "cyborg", "vendor": "openstack"}], "created": "2026-05-08T00:00:12.803850+00:00", "title": "Unrestricted API Access Enables Unauthorized FPGA Reprogramming in OpenStack Cyborg", "updated": "2026-05-10T21:26:32.309251+00:00", "vendors": ["openstack", "openstack$PRODUCT$cyborg"]}