=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN593
_____________________________________________________________________

DATE                : 04/06/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running OpenStack Neutron versions
      >=25.0.0 <25.2.4, >=26.0.0 <26.0.4, >=27.0.0 <27.0.3, ==28.0.0.

=====================================================================
https://security.openstack.org/ossa/OSSA-2026-021.html
_____________________________________________________________________


OSSA-2026-021: Neutron port RBAC policy bypass allows project managers
to set trusted device owners on shared networks

Date

    June 04, 2026

CVE

    CVE-2026-pending

Affects

    Neutron: >=25.0.0 <25.2.4, >=26.0.0 <26.0.4, >=27.0.0 <27.0.3, ==28.0.0

Description

Tim Shephard from roiai.ca reported a policy enforcement bypass in Neutron’s
default port RBAC rules. A project manager can create or update a port on a
shared network owned by another project and set device_owner to a trusted
network-service value such as network:dhcp. Depending on backend and
deployment, this can bypass anti-spoofing and security group protections.
This is a regression of CVE-2015-5240 (OSSA-2015-018) introduced by the
manager role support change. Deployments running Neutron 25.0.0 or later
are affected.
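As an added defender-side audit example (not part of this advisory or of Neutron's own code), the following Python walks Neutron-style network and port listings and flags the pattern described above: a port on a shared network whose device_owner claims a trusted network: role while the port's project is not the network's owner. Field names follow the Neutron API (id, project_id, shared, network_id, device_owner); the sample data is constructed.

```python
"""Audit helper for the OSSA-2026-021 pattern: list Neutron ports on shared
networks whose device_owner claims a trusted network-service role (network:*)
but whose owning project is not the network's owner. Sample data is constructed."""

TRUSTED_PREFIX = "network:"  # device_owner values Neutron treats as trusted, e.g. network:dhcp


def find_suspicious_ports(networks, ports):
    """Return the ids of ports worth reviewing.

    `networks` and `ports` are lists of dicts shaped like the Neutron API output
    (e.g. `openstack network list -f json` / `openstack port list -f json`).
    Router interface ports can legitimately belong to the attaching project, so
    treat the result as a review list, not as proof of abuse.
    """
    shared_owner = {n["id"]: n["project_id"] for n in networks if n.get("shared")}
    flagged = []
    for p in ports:
        net_owner = shared_owner.get(p["network_id"])
        if net_owner is None:
            continue  # network is not shared (or not in our listing)
        if not p.get("device_owner", "").startswith(TRUSTED_PREFIX):
            continue  # ordinary compute/user port, anti-spoofing applies normally
        if p["project_id"] != net_owner:
            flagged.append(p["id"])  # trusted role claimed by a foreign project
    return flagged


# Constructed sample: a network shared by project "infra", a legitimate DHCP port
# owned by infra, and a port from project "tenant-b" claiming network:dhcp.
SAMPLE_NETWORKS = [
    {"id": "net-shared", "project_id": "infra", "shared": True},
    {"id": "net-private", "project_id": "tenant-b", "shared": False},
]
SAMPLE_PORTS = [
    {"id": "port-1", "network_id": "net-shared", "project_id": "infra", "device_owner": "network:dhcp"},
    {"id": "port-2", "network_id": "net-shared", "project_id": "tenant-b", "device_owner": "compute:nova"},
    {"id": "port-3", "network_id": "net-shared", "project_id": "tenant-b", "device_owner": "network:dhcp"},
    {"id": "port-4", "network_id": "net-private", "project_id": "tenant-b", "device_owner": "network:router_interface"},
]

if __name__ == "__main__":
    for port_id in find_suspicious_ports(SAMPLE_NETWORKS, SAMPLE_PORTS):
        print(f"review {port_id}: trusted device_owner on a shared network owned by another project")
```

On a live cloud, feed the function the JSON from the two `openstack ... list -f json` commands run with an admin token so that ports from every project are visible.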


Patches

    https://review.opendev.org/991523 (2025.1/epoxy)

    https://review.opendev.org/990356 (2025.2/flamingo)

    https://review.opendev.org/990353 (2026.1/gazpacho)

    https://review.opendev.org/990273 (2026.2/hibiscus)

Credits

    Tim Shephard from roiai.ca (CVE-2026-pending)

References

    https://launchpad.net/bugs/2152115

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-pending

Notes

    A CVE request has been filed with MITRE (CAN-2026-2030702).

    This is a regression of CVE-2015-5240 (OSSA-2015-018).



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================