=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN564
_____________________________________________________________________

DATE                : 29/05/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Neutron versions prior to
                                26.0.4, 27.0.3, 28.0.1.

=====================================================================
https://security.openstack.org/ossa/OSSA-2026-016.html
_____________________________________________________________________


==================================================================================
OSSA-2026-016: Neutron tagging policy bypass allows project readers to 
mutate tags
==================================================================================

:Date: May 28, 2026
:CVE: CVE-2026-pending


Affects
~~~~~~~
- Neutron: >=26.0.0 <26.0.4, >=27.0.0 <27.0.3, >=28.0.0 <28.0.1


Description
~~~~~~~~~~~
Tim Shephard from roiai.ca reported a policy enforcement bypass in 
Neutron's tagging controller. The controller enforces plural policy 
action names on single-tag write operations while the defined policy 
rules use singular names. The mismatched names evaluate as allowed under 
default policy, permitting a project reader to create and update tags on 
same-project resources. Deployments running Neutron 26.0.0 or later are 
affected.
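
A simplified model of the name mismatch described above, added here as an illustration; it is not Neutron or oslo.policy code. The rule names, roles, credentials and the fallback applied to unknown names are assumptions. It shows a reader passing the check only under the mismatched plural name, plus two defensive checks: failing closed on unknown names and auditing enforced names against the registered rules.

```python
# Simplified model of name-based policy lookup. Constructed for illustration;
# rule names, roles and the fallback behaviour are assumptions.

def same_project(creds, target):
    return creds["project_id"] == target["project_id"]

def project_member(creds, target):
    return "member" in creds["roles"] and same_project(creds, target)

# Rules as defined by the policy: singular action names.
RULES = {
    "get_widget_tag": same_project,
    "create_widget_tag": project_member,
    "update_widget_tag": project_member,
}
DEFAULT_RULE = same_project  # assumed fallback applied to unknown names

# Names the hypothetical controller passes to enforce(): the single-tag
# write operations use plural forms that match nothing in RULES.
CONTROLLER_ACTIONS = ["get_widget_tag", "create_widget_tags", "update_widget_tags"]

def enforce(action, creds, target, fail_closed=False):
    """Evaluate the rule registered under `action`.

    An unknown name falls back to DEFAULT_RULE, or raises when fail_closed.
    """
    rule = RULES.get(action)
    if rule is None:
        if fail_closed:
            raise LookupError(f"no policy rule registered for {action!r}")
        rule = DEFAULT_RULE
    return rule(creds, target)

def unregistered_actions(enforced):
    """Audit: enforced action names that have no registered rule."""
    return sorted(set(enforced) - set(RULES))

READER = {"roles": ["reader"], "project_id": "p1"}  # constructed credentials
TARGET = {"project_id": "p1"}                       # same-project resource

if __name__ == "__main__":
    print(enforce("create_widget_tag", READER, TARGET))    # rule the policy defines
    print(enforce("create_widget_tags", READER, TARGET))   # name the controller uses
    print(unregistered_actions(CONTROLLER_ACTIONS))
```

Run as a unit test over the action names a controller enforces, `unregistered_actions` flags this class of mismatch before release.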



Patches
~~~~~~~
- https://review.opendev.org/989376 (2025.1/epoxy)
- https://review.opendev.org/989375 (2025.2/flamingo)
- https://review.opendev.org/989374 (2026.1/gazpacho)
- https://review.opendev.org/989099 (2026.2/hibiscus)


Credits
~~~~~~~
- Tim Shephard from roiai.ca (CVE-2026-pending)


References
~~~~~~~~~~
- https://launchpad.net/bugs/2150132
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-pending


Notes
~~~~~
- CVE assignment is pending (MITRE CAN-2026-2030611).


--
Goutham Pacha Ravi (gouthamr)
OpenStack Vulnerability Management Team
https://security.openstack.org/vmt.html


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




