Improper access control in openstack-neutron - CVE-2026-50266
Published: June 18, 2026
openstack-neutron
Detailed vulnerability description
The vulnerability allows a remote user to bypass anti-spoofing and security group protections.
The vulnerability exists due to improper access control in Neutron default port RBAC rules when creating or updating a port on a shared network owned by another project. A remote user can set the device_owner field to a trusted network-service value such as network:dhcp to bypass anti-spoofing and security group protections.
Exploitation requires project manager permissions and affects shared networks owned by another project. Depending on backend and deployment, the impact may vary.
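A defensive audit for the condition described above, as an added example that is not part of the original advisory or of OpenStack's code: it scans port and network records (keys as in the Neutron API) for ports carrying a network-service device_owner on a shared network owned by another project. Treating every value with the network: prefix as in scope, the trusted_projects allow-list, and all sample records and project IDs are assumptions made for this example; matches are candidates for review.

```python
# Added example: flag ports matching the pattern described in this advisory.
# Keys follow the Neutron API port/network resources; sample records are constructed.
SERVICE_PREFIX = "network:"  # device_owner namespace used by network services


def audit_ports(networks, ports, trusted_projects=frozenset()):
    """Return ports that carry a network-service device_owner on a shared
    network owned by a different project. trusted_projects (assumption) lists
    project IDs whose service ports are expected, e.g. an operator project."""
    net_by_id = {n["id"]: n for n in networks}
    findings = []
    for port in ports:
        owner = port.get("device_owner") or ""
        net = net_by_id.get(port.get("network_id"))
        if not owner.startswith(SERVICE_PREFIX):
            continue  # ordinary ports (compute:*, empty) are out of scope
        if net is None or not net.get("shared"):
            continue  # the advisory concerns shared networks only
        if port["project_id"] == net["project_id"]:
            continue  # service port belongs to the network's own project
        if port["project_id"] in trusted_projects:
            continue  # expected service port from an allow-listed project
        findings.append({"port_id": port["id"], "port_project": port["project_id"],
                         "network_id": net["id"], "network_project": net["project_id"],
                         "device_owner": owner})
    return findings


# Constructed inventory: one shared network owned by "proj-infra", one private network.
NETWORKS = [
    {"id": "net-shared", "project_id": "proj-infra", "shared": True},
    {"id": "net-private", "project_id": "proj-a", "shared": False},
]
PORTS = [
    {"id": "p1", "network_id": "net-shared", "project_id": "proj-infra", "device_owner": "network:dhcp"},
    {"id": "p2", "network_id": "net-shared", "project_id": "proj-a", "device_owner": "compute:nova"},
    {"id": "p3", "network_id": "net-shared", "project_id": "proj-a", "device_owner": "network:dhcp"},
    {"id": "p4", "network_id": "net-private", "project_id": "proj-a", "device_owner": "network:dhcp"},
    {"id": "p5", "network_id": "net-shared", "project_id": "proj-ops", "device_owner": "network:router_interface"},
    {"id": "p6", "network_id": "net-shared", "project_id": "proj-b", "device_owner": ""},
]

if __name__ == "__main__":
    for finding in audit_ports(NETWORKS, PORTS, trusted_projects={"proj-ops"}):
        print(finding)
```

Ports reported here still need manual review, since some deployments legitimately place service ports from other projects on shared networks.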