OpenStack Cyborg uses rule:allow (check_str='@') as the default policy for multiple API endpoints
High severity
GitHub Reviewed
Published
May 8, 2026
to the GitHub Advisory Database
•
Updated May 13, 2026
Description
Published by the National Vulnerability Database
May 7, 2026
Published to the GitHub Advisory Database
May 8, 2026
Reviewed
May 13, 2026
Last updated
May 13, 2026
OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complete various actions such as reprogramming FPGA bitstreams on arbitrary compute nodes via agent RPC.
References