openstack-cyborg
PyPI · 2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting openstack-cyborg
- CVE-2026-40213 | HIGH | CVSS 7.4 | EG 7.4 | ✓ Fixed in 16.0.1 | 2026-05-07
vulnerable: 0.1.0 ... 9.0.0.0rc1 (47 versions)
OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope.…
- CVE-2026-40214 | MEDIUM | CVSS 6.3 | EG 6.3 | ✓ Fixed in 16.0.1 | 2026-05-07
vulnerable: 0.1.0 ... 9.0.0.0rc1 (47 versions)
In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API does not enforce project ownership at any layer. The project_id column in the database is never populated (NULL for every ARQ), database queries have no project filtering…