Package impact
PIP / openstack-cyborg
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40213 | high | 7.4 | 7.4 | 22d ago | OpenStack Cyborg uses rule:allow (check_str='@') as the default policy for multiple API endpoints | |||
| CVE-2026-40214 | medium | 6.3 | 6.3 | 22d ago | OpenStack Cyborg's Accelerator Request (ARQ) API does not enforce project ownership at any layer |