Skip to main content

OpenStack Keystone CVE-2026-42999

HIGH
Incorrect Authorization (CWE-863)
2026-05-28 mitre
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
8.8 HIGH

Any authenticated user (PR:L) can reach the network API (AV:N) and trivially inject target attributes (AC:L), enabling cross-tenant read, modify, and delete (C/I/A:H).

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Red Hat
8.3 HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

7
Analysis Updated
Jun 30, 2026 - 04:17 vuln.today
v4 (cvss_changed)
Analysis Updated
Jun 30, 2026 - 04:16 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 30, 2026 - 04:13 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 30, 2026 - 03:24 vuln.today
cvss_changed
Severity Changed
Jun 30, 2026 - 03:24 NVD
MEDIUM HIGH
CVSS changed
Jun 30, 2026 - 03:24 NVD
6.0 (MEDIUM) 8.8 (HIGH)
Analysis Generated
May 28, 2026 - 19:30 vuln.today

DescriptionNVD

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforce_call unconditionally merges the raw JSON request body into the policy enforcement dictionary via policy_dict.update(json_input.copy()), overwriting trusted target data that was previously set from database lookups. Because flask.request.get_json is called with force=True, this works regardless of Content-Type or HTTP method. Any authenticated user can inject arbitrary policy target attributes (e.g., user_id, project_id) into the request body to bypass RBAC checks and perform unauthorized operations on resources belonging to other users or projects. This was introduced in commit 5ea59f52 (Rocky/14.0.0).

AnalysisAI

Authorization bypass in OpenStack Keystone before 29.0.2 lets any authenticated user override trusted RBAC policy targets by injecting attributes like user_id or project_id into the JSON request body. The enforce_call routine unconditionally merges the raw request body over database-derived target data, so low-privileged users can perform operations on resources owned by other users or projects. No public exploit is identified at time of analysis and EPSS exploitation probability is very low (0.03%), but the flaw is trivially exploitable by any account and a vendor patch is available.

Technical ContextAI

Keystone is the centralized identity and authorization service for OpenStack, and its policy enforcer (oslo.policy / RBAC layer) is the gatekeeper for nearly every API operation across the cloud. The root cause is a CWE-863 incorrect authorization: in enforce_call, the code executes policy_dict.update(json_input.copy()), merging the attacker-controlled request body into the policy enforcement dictionary AFTER trusted target attributes were populated from database lookups, allowing the untrusted values to win. Because flask.request.get_json is called with force=True, the body is parsed and merged regardless of Content-Type header or HTTP method, widening the trigger surface. The affected component is cpe:2.3:a:openstack:keystone, written in Python, and the defect was introduced in commit 5ea59f52 dating back to the Rocky/14.0.0 release, meaning a long span of releases is impacted.

RemediationAI

Vendor-released patch: upgrade OpenStack Keystone to 29.0.2 or later, which corrects enforce_call so the untrusted request body no longer overwrites database-derived policy targets. Distribution users should apply their packaged fixes - Ubuntu via USN-8433-1 (https://ubuntu.com/security/notices/USN-8433-1) and Red Hat per the advisory at https://access.redhat.com/security/cve/CVE-2026-42999 - and consult OSSA-2026-015 (https://security.openstack.org/ossa/OSSA-2026-015.html) for backport guidance to older supported branches (the bug reaches back to Rocky/14.0.0). If immediate patching is impossible, compensating controls are limited because the flaw is in the core enforcement path: place Keystone behind an API gateway or WSGI middleware that strips or rejects JSON request bodies on GET/DELETE and other methods that should not carry payloads (trade-off: may break clients that rely on Keystone's force=True parsing), tighten and monitor API audit logs for requests where body-supplied user_id/project_id differs from the token scope, and restrict API exposure to trusted networks to reduce the authenticated attacker population (trade-off: does not stop a legitimate-but-malicious tenant). These are stopgaps only - upgrading to 29.0.2 is the sole complete fix.

More in Python

View all
CVE-2025-24016 CRITICAL POC
9.9 Feb 10

Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t

CVE-2025-27520 CRITICAL POC
9.8 Apr 04

BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser

CVE-2025-2945 CRITICAL POC
9.9 Apr 03

pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi

CVE-2013-5093 MEDIUM POC
6.8 Sep 27

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python

CVE-2025-32375 CRITICAL POC
9.8 Apr 09

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2024-21644 HIGH POC
7.5 Jan 08

pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.

CVE-2017-9462 HIGH POC
8.8 Jun 06

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2024-21645 MEDIUM POC
5.3 Jan 08

pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne

CVE-2026-33017 CRITICAL POC
9.3 Mar 17

Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301

CVE-2026-55255 HIGH POC
8.4 Jun 19

Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing

Vendor StatusVendor

Share

CVE-2026-42999 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy