Openstack Cyborg
2 CVEs affecting Openstack Cyborg. Latest disclosed: 2026-05-07. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-40213 | High | 7.4 | 2026-05-07 | OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any request ca… |
CVE-2026-40214 | Medium | 6.3 | 2026-05-07 | In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API does not enforce project ownership at any layer. The project_id column in the database is… |