CVE-2026-49299 – OpenStack Neutron Policy Name Confusion Vulnerability

CVE ID :CVE-2026-49299

Published : May 28, 2026, 10:17 p.m. | 15 minutes ago

Description :In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags on same-project resources. Deployments running Neutron 26.0.0 or later are affected.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-9811 – Mautic Stored Cross-Site Scripting (XSS) Vulnerability

CVE-2026-9809 – Mautic Stored XSS in Projects Component

CVE-2026-9808 – Mautic Authorization Bypass

CVE-2026-9559 – Mautic Remote Code Execution via Path Traversal