{"vulnerability": "CVE-2026-40213", "sightings": [{"uuid": "9ac10384-b0e8-4a93-9399-5d6a0554d6c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40213", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mlbwiqouav2m", "content": "[OSSA-2026-011] OpenStack Cyborg: Multiple access control vulnerabilities in Cyborg accelerator management (CVE-2026-40213, CVE-2026-40214)", "creation_timestamp": "2026-05-07T19:16:19.234786Z"}, {"uuid": "cd2a3c4a-40a5-43a6-9de9-aec6744258db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40213", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlcjjhsyd62k", "content": "CVE-2026-40213 - OpenStack Cyborg Default Policy Authorization Bypass\nCVE ID : CVE-2026-40213\n \n Published : May 7, 2026, 10:16 p.m. | 2\u00a0hours, 9\u00a0minutes ago\n \n Description : OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API ...", "creation_timestamp": "2026-05-08T00:56:44.826109Z"}]}