OpenStack Flaw Lets Users Reprogram Others' Hardware

Critical flaws in OpenStack Cyborg let authenticated users disrupt services or even reprogram other tenants' hardware accelerators, creating a significant infrastructure risk.

Two high-severity security vulnerabilities have been discovered in OpenStack Cyborg, the framework for managing hardware accelerators like FPGAs and GPUs. The first flaw (CVE-2026-40214) is in the Accelerator Request API, which failed to properly check project ownership. This oversight allows an authenticated user from one project, or tenant, to delete accelerator requests belonging to a completely different tenant. The second vulnerability stems from a dangerously permissive default security policy. This policy was configured to authorize any request that carried a valid authentication token, effectively ignoring the specific permissions that should be assigned to a user. This setup undermines the principle of least privilege, a cornerstone of secure multi-tenant architecture, by treating all authenticated users as if they have broad access to certain functions. These flaws create a direct path for users to interfere with the operations of others sharing the same cloud infrastructure.

The consequences for organizations using OpenStack are severe. The API flaw enables cross-tenant denial of service attacks, where one user could cripple critical, high-performance workloads for another. The permissive policy flaw is even more alarming, opening the door for unauthorized remote actions against the hardware itself. The security advisory explicitly warns that an attacker could reprogram Field-Programmable Gate Arrays (FPGAs). This means they could alter the hardware's core logic to steal sensitive data, cause permanent damage, or create a persistent backdoor. This represents a fundamental breach of the isolation expected in a cloud environment, turning a shared resource into a shared liability. This incident serves as a critical reminder for IT and security teams to conduct regular audits, avoid relying on default policies, and prioritize applying security patches to mitigate these immediate risks.

The vulnerabilities allow authenticated but low-privilege users to disrupt other tenants' services or even reprogram their hardware, breaking the fundamental security isolation of a multi-tenant cloud environment and posing a severe risk to data integrity and infrastructure stability.

Businesses relying on OpenStack for accelerated computing could face service disruptions from denial-of-service attacks. More critically, the ability for an attacker to reprogram hardware could lead to data theft, persistent system compromise, and significant reputational damage.