Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Lifecycle Timeline
3DescriptionCVE.org
OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complete various actions such as reprogramming FPGA bitstreams on arbitrary compute nodes via agent RPC.
AnalysisAI
OpenStack Cyborg allows any authenticated user to reprogram FPGA bitstreams and execute privileged operations across arbitrary compute nodes due to unconditional authorization bypass in multiple API endpoints. Versions before 16.0.1 use rule:allow as the default policy, permitting any valid Keystone token holder-even users with zero role assignments-to perform administrative actions including FPGA reconfiguration via agent RPC. EPSS data not available, but the authentication bypass combined with scope change (CVSS S:C) and hardware manipulation capabilities represents significant risk in multi-tenant OpenStack deployments.
Technical ContextAI
OpenStack Cyborg is the lifecycle management service for hardware accelerators (FPGAs, GPUs, cryptographic accelerators) in OpenStack clouds. The vulnerability stems from CWE-863 (Incorrect Authorization) where the default policy engine configuration uses 'rule:allow' with check string '@' for multiple API endpoints. In OpenStack's policy framework, this pattern bypasses role-based access control (RBAC) entirely, treating any authenticated Keystone token as sufficient authorization regardless of project membership, domain scope, or assigned roles. The impact extends to agent RPC calls that control physical accelerator hardware, allowing unauthorized bitstream programming-essentially reprogramming the logic gates of FPGAs attached to compute nodes. This creates both a privilege escalation path and a potential hardware-level attack surface in Infrastructure-as-a-Service environments where accelerator resources should be strictly isolated between tenants.
RemediationAI
Upgrade OpenStack Cyborg to version 16.0.1 or later, which implements proper role-based access control policies replacing the unconditional rule:allow defaults. The fix restricts API endpoints to appropriate roles such as 'admin', 'service', or project-scoped member roles as documented in OpenStack's policy-in-code framework. For environments unable to upgrade immediately, implement compensating controls by manually editing Cyborg's policy.yaml or policy.json configuration file to replace '@' check strings with role-based rules such as 'role:admin' or 'role:service' for administrative endpoints-consult the upstream patch at Launchpad bug 2143263 for specific policy changes. This manual remediation requires Cyborg service restart and careful testing as overly restrictive policies may break legitimate accelerator provisioning workflows. Network-level mitigation is insufficient because the vulnerability is exploitable by any authenticated OpenStack user, including legitimate tenant accounts. Defense-in-depth measures include auditing Keystone token issuance logs for accounts with minimal role assignments making Cyborg API calls, and restricting Cyborg API endpoint network access to internal management networks only (though this does not prevent abuse by compromised tenant VMs with management network access). Full vendor details at https://bugs.launchpad.net/openstack-cyborg/+bug/2143263 and security mailing list discussion at https://www.openwall.com/lists/oss-security/2026/05/07/6.
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28455
GHSA-mm7j-mhhj-hj36