{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-49299", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-05-28T21:53:02.642Z", "datePublished": "2026-05-28T21:53:03.408Z", "dateUpdated": "2026-06-02T17:33:09.589Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Neutron", "repo": "https://opendev.org/openstack/neutron", "vendor": "OpenStack", "versions": [{"lessThan": "26.0.4", "status": "affected", "version": "26.0.0", "versionType": "semver"}, {"lessThan": "27.0.3", "status": "affected", "version": "27.0.0", "versionType": "semver"}, {"lessThan": "28.0.1", "status": "affected", "version": "28.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags on same-project resources. Deployments running Neutron 26.0.0 or later are affected."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.3, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-05-28T21:53:03.408Z"}, "references": [{"tags": ["issue-tracking"], "url": "https://bugs.launchpad.net/bugs/2150132"}, {"tags": ["patch"], "url": "https://review.opendev.org/c/openstack/neutron/+/989099"}, {"url": "https://www.openwall.com/lists/oss-security/2026/05/28/8"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*", "versionStartIncluding": "26.0.0", "versionEndExcluding": "26.0.4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*", "versionStartIncluding": "27.0.0", "versionEndExcluding": "27.0.3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*", "versionStartIncluding": "28.0.0", "versionEndExcluding": "28.0.1"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-29T14:04:25.651087Z", "id": "CVE-2026-49299", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-29T14:04:44.001Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/06/02/7"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-06-02T17:33:09.589Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/06/02/7"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-06-02T17:33:09.589Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-49299", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-29T14:04:25.651087Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-29T14:04:32.696Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://opendev.org/openstack/neutron", "vendor": "OpenStack", "product": "Neutron", "versions": [{"status": "affected", "version": "26.0.0", "lessThan": "26.0.4", "versionType": "semver"}, {"status": "affected", "version": "27.0.0", "lessThan": "27.0.3", "versionType": "semver"}, {"status": "affected", "version": "28.0.0", "lessThan": "28.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://bugs.launchpad.net/bugs/2150132", "tags": ["issue-tracking"]}, {"url": "https://review.opendev.org/c/openstack/neutron/+/989099", "tags": ["patch"]}, {"url": "https://www.openwall.com/lists/oss-security/2026/05/28/8"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags on same-project resources. Deployments running Neutron 26.0.0 or later are affected."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "26.0.4", "versionStartIncluding": "26.0.0"}, {"criteria": "cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "27.0.3", "versionStartIncluding": "27.0.0"}, {"criteria": "cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "28.0.1", "versionStartIncluding": "28.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-05-28T21:53:03.408Z"}}}, "cveMetadata": {"cveId": "CVE-2026-49299", "state": "PUBLISHED", "dateUpdated": "2026-06-02T17:33:09.589Z", "dateReserved": "2026-05-28T21:53:02.642Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-05-28T21:53:03.408Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags on same-project resources. Deployments running Neutron 26.0.0 or later are affected."}], "id": "CVE-2026-49299", "lastModified": "2026-06-02T20:16:39.760", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2026-05-28T22:17:02.093", "references": [{"source": "cve@mitre.org", "url": "https://bugs.launchpad.net/bugs/2150132"}, {"source": "cve@mitre.org", "url": "https://review.opendev.org/c/openstack/neutron/+/989099"}, {"source": "cve@mitre.org", "url": "https://www.openwall.com/lists/oss-security/2026/05/28/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2026/06/02/7"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{"bugzilla": {"description": "openstack-neutron: OpenStack Neutron: Unauthorized tag modification due to policy enforcement mismatch", "id": "2482994", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482994"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-425", "details": ["In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags on same-project resources. Deployments running Neutron 26.0.0 or later are affected.", "A flaw was found in OpenStack Neutron. The tagging controller incorrectly enforces plural policy action names for single-tag write operations, while the defined policy rules use singular names. This mismatch allows a project reader to bypass intended policy restrictions, enabling them to create and update tags on resources within the same project. This could lead to unauthorized modification of resource metadata."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-49299", "package_state": [{"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Fix deferred", "package_name": "openstack-neutron", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Fix deferred", "package_name": "openstack-neutron", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Fix deferred", "package_name": "openstack-neutron", "product_name": "Red Hat OpenStack Platform 18.0"}], "public_date": "2026-05-28T21:53:03Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-49299\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-49299\nhttps://bugs.launchpad.net/bugs/2150132\nhttps://review.opendev.org/c/openstack/neutron/+/989099\nhttps://www.openwall.com/lists/oss-security/2026/05/28/8"], "statement": "This Moderate impact flaw in OpenStack Neutron, as shipped in Red Hat OpenStack Platform, allows a project reader to bypass policy restrictions. Due to a mismatch in policy enforcement for single-tag write operations, an authenticated attacker with project reader privileges can create and update tags on resources within the same project, leading to unauthorized modification of resource metadata.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[26.0.0,26.0.4)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[27.0.0,27.0.3)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[28.0.0,28.0.1)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Neutron", "source": "cna", "vendor": "OpenStack"}, "product": "neutron", "vendor": "openstack"}], "created": "2026-05-29T01:00:11.663675+00:00", "updated": "2026-06-19T14:15:04.194723+00:00", "vendors": ["openstack", "openstack$PRODUCT$neutron"]}