{"id":"PYSEC-2026-855","summary":"openstack-neutron uncontrolled resource consumption flaw","details":"An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.","aliases":["CVE-2022-3277","GHSA-w446-h7vg-wv3p"],"modified":"2026-07-07T11:45:40.612971164Z","published":"2026-07-07T10:17:28.235305Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3277"},{"type":"WEB","url":"https://github.com/openstack/neutron/commit/01fc2b9195f999df4d810df4ee63f77ecbc81f7e"},{"type":"WEB","url":"https://github.com/openstack/neutron/commit/717e3e09556f1fb9a7a420863746fa785eb6c316"},{"type":"WEB","url":"https://github.com/openstack/neutron/commit/733ef4f2d8c2a3734c360d1c1dd3a6fcd600cb8c"},{"type":"WEB","url":"https://github.com/openstack/neutron/commit/cbeee87fa44cd200d4997e02042098460167dce1"},{"type":"WEB","url":"https://github.com/openstack/neutron/commit/d0e1b54fb1de932b2b30ab4269cf5789632df476"},{"type":"WEB","url":"https://github.com/openstack/neutron/commit/fd7fb0e9d8c602380f54975367d935ab69e10c05"},{"type":"WEB","url":"https://bugs.launchpad.net/neutron/+bug/1988026"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2129193"},{"type":"PACKAGE","url":"https://github.com/openstack/neutron"},{"type":"PACKAGE","url":"https://pypi.org/project/neutron"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-w446-h7vg-wv3p"}],"affected":[{"package":{"name":"neutron","ecosystem":"PyPI","purl":"pkg:pypi/neutron"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"18.6.0"},{"introduced":"19.0.0.0rc1"},{"fixed":"19.5.0"},{"introduced":"20.0.0.0rc1"},{"fixed":"20.3.0"}]}],"versions":["0.0","10.0.5","10.0.6","10.0.7","11.0.3","11.0.4","11.0.5","11.0.6","11.0.7","11.0.8","12.0.0","12.0.0.0b3","12.0.0.0rc1","12.0.0.0rc2","12.0.1","12.0.2","12.0.3","12.0.4","12.0.5","12.0.6","12.1.0","12.1.1","13.0.0","13.0.0.0b1","13.0.0.0b2","13.0.0.0b3","13.0.0.0rc1","13.0.0.0rc2","13.0.1","13.0.2","13.0.3","13.0.4","13.0.5","13.0.6","13.0.7","14.0.0","14.0.0.0b1","14.0.0.0b2","14.0.0.0b3","14.0.0.0rc1","14.0.1","14.0.2","14.0.3","14.0.4","14.1.0","14.2.0","14.3.0","14.3.1","14.4.0","14.4.1","14.4.2","15.0.0","15.0.0.0b1","15.0.0.0rc1","15.0.0.0rc2","15.0.1","15.0.2","15.1.0","15.2.0","15.3.0","15.3.1","15.3.2","15.3.3","15.3.4","16.0.0","16.0.0.0b1","16.0.0.0rc1","16.0.0.0rc2","16.1.0","16.2.0","16.3.0","16.3.1","16.3.2","16.4.0","16.4.1","16.4.2","17.0.0","17.0.0.0rc1","17.0.0.0rc2","17.1.0","17.1.1","17.1.2","17.2.0","17.2.1","17.3.0","17.4.0","17.4.1","18.0.0","18.0.0.0rc1","18.0.0.0rc2","18.1.0","18.1.1","18.2.0","18.3.0","18.4.0","18.5.0","19.0.0","19.0.0.0rc1","19.0.0.0rc2","19.1.0","19.2.0","19.3.0","19.4.0","20.0.0","20.0.0.0rc1","20.0.0.0rc2","20.1.0","20.2.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/neutron/PYSEC-2026-855.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}