CVE-2026-49299

A flaw was found in OpenStack Neutron. The tagging controller incorrectly enforces plural policy action names for single-tag write operations, while the defined policy rules use singular names. This mismatch allows a project reader to bypass intended policy restrictions, enabling them to create a...

PT-2026-44555

In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags...

CVE-2024-53916

A flaw was found in OpenStack Neutron. The service tagging policy engine insufficiently verifies the parent resource or the upper parent resource project ID when checking the policies against the caller project ID...

OpenStack Neutron 安全漏洞

OpenStack Neutron is an OpenStack project open-sourced by OpenStack and designed to provide services between interface devices managed by other OpenStack services. A security vulnerability exists in OpenStack Neutron version 25.0.0 and earlier versions, which stems from the fact that...