CVE-2026-50266
LOW
2,2
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: high
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: none
Description
AI Translation Available
In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set device_owner to a value that has 'network:' at the beginning ('network:dhcp' for example). The default port RBAC policies incorrectly included PROJECT_MANAGER without requiring network ownership, allowing any project manager to obtain trusted network-service port behavior on shared networks. Depending on backend and deployment, this can bypass anti-spoofing and security group protections, enabling DHCP, MAC, or IP spoofing against other tenants on the shared network. This is a regression of CVE-2015-5240 (OSSA-2015-018).
863
Incorrect Authorization
IncompleteCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Access Control
Availability
Potential Impacts:
Read Application Data
Read Files Or Directories
Modify Application Data
Modify Files Or Directories
Gain Privileges Or Assume Identity
Bypass Protection Mechanism
Execute Unauthorized Code Or Commands
Dos: Crash, Exit, Or Restart
Dos: Resource Consumption (Cpu)
Dos: Resource Consumption (Memory)
Dos: Resource Consumption (Other)
Applicable Platforms
Technologies:
Web Server, Database Server, Not Technology-Specific
https://bugs.launchpad.net/neutron/+bug/2152115
https://launchpad.net/bugs/2152115
https://review.opendev.org/990273
https://review.opendev.org/990353
https://review.opendev.org/990356
https://www.openwall.com/lists/oss-security/2026/06/04/6