Skip to main content

OpenStack Swift EUVDEUVD-2026-38537

| CVE-2026-50221 MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
5.3
CVSS 4.0 · Vendor
Share

Severity by source

Vendor (CNA) PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.0 MEDIUM

Network-accessible proxy-server requires low-privilege authenticated access; scope changes because object servers are caused to make requests, yielding partial confidentiality disclosure of internal infrastructure.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
Red Hat
6.4 MEDIUM
qualitative

Primary rating from Vendor (CNA).

CVSS VectorVendor

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jun 23, 2026 - 19:02 EUVD
CVSS changed
Jun 23, 2026 - 18:22 NVD
5.3 (MEDIUM)
Analysis Generated
Jun 23, 2026 - 16:16 vuln.today

Description PRE-NVD

Disclosed via oss-security. NVD scoring and full description are pending.

AnalysisAI

Server-side request forgery in OpenStack Swift's proxy-server allows authenticated users to manipulate object servers into issuing outbound HTTP requests to attacker-specified hosts. All Swift deployments running version 2.0.0 or later across all maintained release trains are affected, including the 2025.1/epoxy, 2025.2/flamingo, 2026.1/gazpacho, and development 2026.2/hibiscus branches. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to Swift proxy-server with valid credentials
Delivery
Craft HTTP request with injected SSRF headers specifying internal target
Exploit
Proxy-server forwards manipulated headers to object server
Execution
Object server issues outbound HTTP request to attacker-specified host
Impact
Attacker observes response to enumerate internal infrastructure or harvest metadata

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid, authenticated Swift user account with access to submit requests to the proxy-server API endpoint. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment No official CVSS score or EPSS data was supplied with this advisory, so risk metrics are inferred from the description. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a valid Swift account submits a crafted API request to the proxy-server containing injected HTTP headers that specify an attacker-controlled or internal target host. The proxy-server forwards this manipulated request to an object server, which dutifully issues an outbound HTTP request to the specified destination - potentially reaching a cloud provider instance metadata service (e.g., 169.254.169.254) or an internal management API. …
Remediation Upstream fixes have been submitted via OpenDev code review for all maintained branches: 2026.2/hibiscus at https://review.opendev.org/994449, 2026.1/gazpacho at https://review.opendev.org/994450, 2025.2/flamingo at https://review.opendev.org/994451, and 2025.1/epoxy at https://review.opendev.org/994452. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all OpenStack Swift installations and document versions 2.0.0+. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Swift

View all
CVE-2012-4406 CRITICAL
9.8 Oct 22

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing

CVE-2017-16613 CRITICAL
9.8 Nov 21

An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1

CVE-2023-26154 MEDIUM POC
5.9 Dec 06

Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubn

CVE-2018-4220 HIGH
8.8 Jun 08

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2016-0738 HIGH
7.5 Jan 29

OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close serv

CVE-2016-0737 HIGH
7.5 Jan 29

OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers

CVE-2022-32389 HIGH
7.5 Jul 14

Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. Rated high severity (CVSS 7.

CVE-2022-1642 HIGH
7.5 Jun 16

A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious

CVE-2020-9861 HIGH
7.5 Nov 02

A stack overflow issue existed in Swift for Linux. Rated high severity (CVSS 7.5), this vulnerability is remotely exploi

CVE-2026-49017 HIGH
7.1 May 27

Denial of service in OpenStack Swift's s3api middleware allows an authenticated S3 API user to permanently hang proxy-se

CVE-2013-6396 MEDIUM
5.8 Feb 18

The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates

CVE-2015-1856 MEDIUM
5.5 Apr 17

OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to de

Vendor StatusVendor

Share

EUVD-2026-38537 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy