Skip to main content

Swift

18 CVEs product

Monthly

CVE-2026-50221 MEDIUM PATCH This Month

Server-side request forgery in OpenStack Swift's proxy-server allows authenticated users to manipulate object servers into issuing outbound HTTP requests to attacker-specified hosts. All Swift deployments running version 2.0.0 or later across all maintained release trains are affected, including the 2025.1/epoxy, 2025.2/flamingo, 2026.1/gazpacho, and development 2026.2/hibiscus branches. No public exploit has been identified at time of analysis, but successful exploitation could expose internal infrastructure topology, metadata services, or other resources reachable from the object server tier.

SSRF Swift
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-49017 PyPI HIGH PATCH GHSA This Week

Denial of service in OpenStack Swift's s3api middleware allows an authenticated S3 API user to permanently hang proxy-server workers by sending a truncated aws-chunked PUT request body. Versions 2.36.0 through 2.36.1 and 2.37.0 through 2.37.1 are affected; the defect was introduced in 2.36.0 and fixed in 2.36.2 and 2.37.2. There is no public exploit identified at time of analysis, and EPSS is very low (0.04%, 12th percentile), but the high availability impact and low attack complexity make this a credible operational threat to S3-compatible Swift deployments.

Denial Of Service Swift Red Hat
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2023-26154 LIB MEDIUM POC PATCH This Month

Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure C Core Kotlin Pubnub Swift
NVD GitHub
CVSS 3.1
5.9
EPSS
1.0%
CVE-2022-32389 HIGH This Week

Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Swift
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-1642 HIGH This Week

A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producing a JSON document containing a type mismatch. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Deserialization Swift
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-9861 HIGH This Week

A stack overflow issue existed in Swift for Linux. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Swift
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2018-4220 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubuntu RCE Apple Swift
NVD
CVSS 3.0
8.8
EPSS
2.2%
CVE-2017-16613 PyPI CRITICAL PATCH Act Now

An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Swauth Swift Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2016-0738 PyPI HIGH PATCH This Week

OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Swift
NVD GitHub
CVSS 3.0
7.5
EPSS
5.8%
CVE-2016-0737 PyPI HIGH PATCH This Week

OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Swift
NVD
CVSS 3.0
7.5
EPSS
5.8%
CVE-2015-5223 PyPI MEDIUM PATCH This Month

OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Swift
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2015-1856 PyPI MEDIUM PATCH This Month

OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Swift Ubuntu Linux
NVD
CVSS 2.0
5.5
EPSS
1.0%
CVE-2014-7960 PyPI MEDIUM PATCH This Month

OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Swift
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-3497 PyPI MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Swift
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-6396 PyPI MEDIUM PATCH This Month

The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Python Information Disclosure Swift
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2014-0006 PyPI MEDIUM PATCH This Month

The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Swift
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-4155 PyPI MEDIUM PATCH This Month

OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Folsom Grizzly Havana +1
NVD
CVSS 2.0
4.0
EPSS
1.0%
CVE-2012-4406 PyPI CRITICAL PATCH Act Now

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Python Deserialization RCE Swift Fedora +5
NVD GitHub
CVSS 3.1
9.8
EPSS
4.7%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Server-side request forgery in OpenStack Swift's proxy-server allows authenticated users to manipulate object servers into issuing outbound HTTP requests to attacker-specified hosts. All Swift deployments running version 2.0.0 or later across all maintained release trains are affected, including the 2025.1/epoxy, 2025.2/flamingo, 2026.1/gazpacho, and development 2026.2/hibiscus branches. No public exploit has been identified at time of analysis, but successful exploitation could expose internal infrastructure topology, metadata services, or other resources reachable from the object server tier.

SSRF Swift
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in OpenStack Swift's s3api middleware allows an authenticated S3 API user to permanently hang proxy-server workers by sending a truncated aws-chunked PUT request body. Versions 2.36.0 through 2.36.1 and 2.37.0 through 2.37.1 are affected; the defect was introduced in 2.36.0 and fixed in 2.36.2 and 2.37.2. There is no public exploit identified at time of analysis, and EPSS is very low (0.04%, 12th percentile), but the high availability impact and low attack complexity make this a credible operational threat to S3-compatible Swift deployments.

Denial Of Service Swift Red Hat
NVD VulDB
EPSS 1% CVSS 5.9
MEDIUM POC PATCH This Month

Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure C Core Kotlin +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Swift
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producing a JSON document containing a type mismatch. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Deserialization +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A stack overflow issue existed in Swift for Linux. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Swift
NVD
EPSS 2% CVSS 8.8
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubuntu RCE Apple +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Swauth Swift +1
NVD GitHub
EPSS 6% CVSS 7.5
HIGH PATCH This Week

OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Swift
NVD GitHub
EPSS 6% CVSS 7.5
HIGH PATCH This Week

OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Swift
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Swift
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Swift Ubuntu Linux
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Swift
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Swift
NVD
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Python Information Disclosure Swift
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Swift
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Folsom +3
NVD
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Python Deserialization RCE +7
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy