OpenStack CVE-2026-22797
CRITICALSeverity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Primary rating from Vendor (mitre).
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Lifecycle Timeline
3DescriptionCVE.org
An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged identity headers such as X-Is-Admin-Project, X-Roles, or X-User-Id, an authenticated attacker may escalate privileges or impersonate other users. All deployments using the external_oauth2_token middleware are affected.
AnalysisAI
OpenStack keystonemiddleware 10.5 through 10.9 has an authentication spoofing vulnerability (CVSS 9.9) allowing attackers to bypass Keystone token validation and access any OpenStack service as any user.
Technical ContextAI
A flaw in keystonemiddleware versions 10.5-10.9 allows CWE-290 authentication spoofing by manipulating request headers to bypass token validation. This affects all OpenStack services that rely on keystonemiddleware for authentication.
Affected ProductsAI
OpenStack keystonemiddleware 10.5-10.7 (before 10.7.2) OpenStack keystonemiddleware 10.8-10.9 (before 10.9.1)
RemediationAI
Upgrade to keystonemiddleware 10.7.2 or 10.9.1 immediately. Audit OpenStack API logs for suspicious authentication patterns.
Same weakness CWE-290 – Authentication Bypass by Spoofing
View allSame technique Authentication Bypass
View allVendor StatusVendor
SUSE
Severity: Critical| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today