OpenStack Cyborg Flaw Allows FPGA Reprogramming via Unauthenticated API

The National Vulnerability Database (NVD) reports CVE-2026-40213, a high-severity vulnerability (CVSS 7.4) in OpenStack Cyborg versions prior to 16.0.1. The flaw stems from an insecure default policy (rule:allow, whose check string is '@', which oslo.policy evaluates as always true) on multiple API endpoints. Any request carrying a valid Keystone token therefore passes, with no role, project, or scope check applied.

This misconfiguration means an authenticated user, even one with no assigned roles, can invoke critical actions. Specifically, NVD highlights the ability to reprogram FPGA bitstreams on arbitrary compute nodes through the Cyborg agent RPC. This isn't a minor bypass; it is a direct route to unauthorized hardware manipulation inside the OpenStack environment.

For defenders, this is a stark reminder that authentication is not authorization. The attacker’s calculus here is simple: if you can get a valid token, you own the hardware. This vulnerability turns a low-privilege user into a system controller, enabling deep system compromise and potentially persistent backdoors at the hardware level.

What This Means For You

  • If your organization uses OpenStack Cyborg, particularly to manage FPGAs or other hardware accelerators, verify your version immediately and prioritize upgrading to Cyborg 16.0.1 or later. Also audit your Cyborg policy files (the oslo.policy rules applied to Keystone-authenticated requests) for `rule:allow` or `@` check strings and make sure every critical endpoint is tightly scoped to the roles and projects that need it. This isn't theoretical; it is a direct path to hardware-level compromise.
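One way to run that audit offline, as an added example that is not Cyborg's or oslo.policy's own code: a small evaluator that reads a policy.json, follows `rule:` references, and lists every rule that passes for a caller who holds a valid token but has no roles and no matching project. The sample policy and its rule names are constructed for the demonstration, and only the `@`, `!`, `rule:`, `and`/`or`/`not` and parenthesis parts of the oslo.policy grammar are modelled.

```python
import json
import re
# Constructed sample (policy.json form); rule names are illustrative, not Cyborg's real keys.
SAMPLE_POLICY_JSON = """{
  "allow": "@",
  "admin_api": "role:admin",
  "cyborg:device:get_all": "rule:admin_api or role:member",
  "cyborg:device:program": "rule:allow",
  "cyborg:driver:update": "! or (rule:allow and not rule:admin_api)",
  "cyborg:device_profile:create": "rule:admin_api or @"
}"""
_TOKEN = re.compile(r"\(|\)|[^\s()]+")
def is_open(expr, rules, visiting=frozenset()):
    """True if the check string passes for a caller holding a valid Keystone
    token but no roles and no matching project/scope (token alone suffices)."""
    toks, pos = _TOKEN.findall(expr), 0
    if not toks:                    # oslo.policy treats "" as always-allow
        return True
    def atom():
        nonlocal pos
        tok, pos = toks[pos], pos + 1
        if tok == "(":
            val = or_expr()
            pos += 1                # consume the matching ')'
            return val
        if tok.lower() == "not":
            return not atom()
        if tok == "@":              # unconditional allow
            return True
        if tok.startswith("rule:"):  # follow reference; unknown or cyclic = deny
            name = tok[5:]
            if name in visiting or name not in rules:
                return False
            return is_open(rules[name], rules, visiting | {name})
        return False                # "!", role:, project_id:, system_scope: ...
    def binary(op, operand, combine):   # left-assoc chain of one operator
        nonlocal pos
        val = operand()
        while pos < len(toks) and toks[pos].lower() == op:
            pos += 1
            val = combine(operand(), val)   # operand() runs first: consumed
        return val
    and_expr = lambda: binary("and", atom, lambda a, b: a and b)
    or_expr = lambda: binary("or", and_expr, lambda a, b: a or b)
    return or_expr()

def audit_open_rules(policy_json):
    """Names of every rule that resolves to '@' for a role-less token."""
    rules = json.loads(policy_json)
    return sorted(n for n, e in rules.items() if is_open(e, rules))
```

Every name it returns is a rule that a zero-role token satisfies, which for a device or driver endpoint is exactly the condition this CVE describes.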

🛡️ Detection Rules

Three detection rules were auto-generated for this advisory and mapped to MITRE ATT&CK; one is reproduced below as Sigma YAML.

Rule (level: high; ATT&CK T1078.002, Privilege Escalation): OpenStack Cyborg Unauthenticated API Access for FPGA Reprogramming - CVE-2026-40213

Sigma YAML:
title: OpenStack Cyborg Unauthenticated API Access for FPGA Reprogramming - CVE-2026-40213
id: scw-2026-05-07-ai-1
status: experimental
level: high
description: |
  Detects successful POST requests to OpenStack Cyborg device and driver
  management endpoints. CVE-2026-40213 lets any holder of a valid Keystone
  token, even one with no roles, reprogram FPGA bitstreams because these
  endpoints default to the 'rule:allow' policy and skip role checks. Web
  server logs do not record the caller's roles, so this rule surfaces every
  successful POST to these endpoints for review, not only abusive ones.
author: SCW Feed Engine (AI-generated)
date: 2026-05-07
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-40213/
tags:
  - attack.privilege_escalation
  - attack.t1078.002
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains:
      - '/v1/devices'
      - '/v1/drivers'
    cs-method: 'POST'
    sc-status: 200
  # condition belongs directly under 'detection', not inside the selection
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World

Indicators of Compromise

ID | Type | Indicator
CVE-2026-40213 | Auth Bypass | OpenStack Cyborg before 16.0.1
CVE-2026-40213 | Privilege Escalation | OpenStack Cyborg before 16.0.1 default policy rule:allow (check_str='@')
CVE-2026-40213 | RCE | OpenStack Cyborg agent RPC for reprogramming FPGA bitstreams

Source & Attribution

Source platform: NVD
Channel: National Vulnerability Database
Published: May 08, 2026 at 01:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
