CVE-2026-49299

🗓️ 28 May 2026 21:53:03Reported by mitreType

CVE-2026-49299: Neutron tag policy mismatch lets project reader create and update tags on same-project resources.

Reporter	Title	Published	Views	Family All 11
CNNVD	OpenStack Neutron 安全漏洞	28 May 202600:00	–	cnnvd
CVE	CVE-2026-49299	28 May 202621:53	–	cve
Debian CVE	CVE-2026-49299	28 May 202621:53	–	debiancve
EUVD	EUVD-2026-33074	29 May 202600:38	–	euvd
NVD	CVE-2026-49299	28 May 202622:17	–	nvd
OSV	DEBIAN-CVE-2026-49299	28 May 202622:17	–	osv
OSV	UBUNTU-CVE-2026-49299	28 May 202622:17	–	osv
Positive Technologies	PT-2026-44555	28 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-49299	8 Jun 202602:58	–	redhatcve
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-49299	29 May 202600:00	–	nessus

[
  {
    "defaultStatus": "unaffected",
    "product": "Neutron",
    "repo": "https://opendev.org/openstack/neutron",
    "vendor": "OpenStack",
    "versions": [
      {
        "lessThan": "26.0.4",
        "status": "affected",
        "version": "26.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "27.0.3",
        "status": "affected",
        "version": "27.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "28.0.1",
        "status": "affected",
        "version": "28.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
openwall	www.openwall.com/lists/oss-security/2026/05/28/8
review	www.review.opendev.org/c/openstack/neutron/+/989099
bugs	www.bugs.launchpad.net/bugs/2150132

28 May 2026 21:53Current

CVSS 45.3

EPSS0.00246

CWE-863