CVE-2026-40214

MEDIUM
Published May 7, 2026 Modified May 8, 2026 CWE-282

Description

In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API does not enforce project ownership at any layer. The project_id column in the database is never populated (NULL for every ARQ), database queries have no project filtering, and policy checks are self-referential (the authorize_wsgi decorator compares the caller's project_id with itself rather than the target resource). Any authenticated non-admin user can complete various actions such as deleting ARQs bound to other projects' instances, aka cross-tenant denial of service.

CVSS v3.1 Score

6.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS — Exploit Prediction

0.0004
Probability of exploitation
0.11%
Percentile rank

EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.

Weakness Type (CWE)

CWE-282 CWE-282

References

Frequently Asked Questions

What is CVE-2026-40214? +
In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API does not enforce project ownership at any layer. The project_id column in the database is never populated (NULL for every ARQ), database queries have no project filtering, and policy checks are self-referential (the authorize_wsgi decorator compares the caller's project_id with itself rather than the target resource). Any authenticated non-admin user can complete various actions such as deleting ARQs bound to other projects' instances, aka cross-tenant denial of service. It has a CVSS v3.1 base score of 6.3 (MEDIUM).
How severe is CVE-2026-40214? +
CVE-2026-40214 has a CVSS v3.1 score of 6.3 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance. The EPSS score is 0.0004, placing it in the 0th percentile for exploitation probability.
How do I check if I'm vulnerable to CVE-2026-40214? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-3867

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated …
CVE-2025-27254 8.0

CWE-282 "Improper Ownership Management" in GE Vernova EnerVista UR Setup allows Authentication Bypass. The software's startup authentication can be disabled …
CVE-2024-37999 7.8

A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with …
CVE-2024-39755 7.8

A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. A specially crafted PKG file …
CVE-2025-57732 7.5

In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership
CVE-2024-3383 7.4

A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2026-40214 — free, no signup required.

Start Free Scan