
Ubuntu 26.04 LTS Cyborg Critical API Flaws Denial of Service USN-8413-1

June 9, 2026
Several security issues in Cyborg for Ubuntu were fixed, including cross-tenant DoS threats. Immediate updates are recommended.

Summary

Several security issues were fixed in Cyborg.

Software Description:

- cyborg: OpenStack Acceleration as a Service

Details:

It was discovered that Cyborg did not properly enforce project ownership in
the Accelerator Request (ARQ) API. An authenticated user could possibly use
this issue to delete ARQs bound to other projects' instances, resulting in
a cross-tenant denial of service. (CVE-2026-40214)

It was discovered that Cyborg used a permissive default policy that
authorized any request carrying a valid authentication token, regardless of
roles or scope, for multiple API endpoints. An authenticated user could
possibly use this issue to perform unauthorized actions, such as
reprogramming FPGA bitstreams on arbitrary compute nodes. (CVE-2026-40213)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  cyborg-agent                    16.0.0-2ubuntu0.1
  cyborg-api                      16.0.0-2ubuntu0.1
  cyborg-common                   16.0.0-2ubuntu0.1
  cyborg-conductor                16.0.0-2ubuntu0.1
  python3-cyborg                  16.0.0-2ubuntu0.1

Ubuntu 25.10
  cyborg-agent                    14.0.0-3+deb13u1build0.25.10.1
  cyborg-api                      14.0.0-3+deb13u1build0.25.10.1
  cyborg-common                   14.0.0-3+deb13u1build0.25.10.1
  cyborg-conductor                14.0.0-3+deb13u1build0.25.10.1
  python3-cyborg                  14.0.0-3+deb13u1build0.25.10.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8413-1

CVE-2026-40213, CVE-2026-40214

Severity
critical

Ubuntu Security Notice USN-8413-1
