Auth bypass in OpenStack Neutron
CVE-2026-49299
In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default pol…
Vulnerability class: Broken Access Control
EPSS: 0.000 (13.6th percentile)
Affected products
- OpenStack Neutron — versions 26.0.0, 27.0.0, 28.0.0
Weakness classification (CWE)