PYSEC-2026-851

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/neutron/PYSEC-2026-851.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-851
Aliases
Published
2026-07-06T08:03:26.034481Z
Modified
2026-07-07T11:46:06.080246832Z
Summary
OpenStack Neutron Improper Authentication vulnerability
Details

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.

References

Affected packages

PyPI / neutron

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2012.2
Fixed
2013.2.3

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/neutron/PYSEC-2026-851.yaml"