A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials.
"https://github.com/pypa/advisory-database/blob/main/vulns/python-openstackclient/PYSEC-2026-1853.yaml"