CVE-2026-43001
7.9 HIGHAn issue was discovered in OpenStack Keystone before 29.0.2
Published: 2026-05-01 · Last updated: 2026-06-02
Severity and scoring
- CVSS
- 7.9 HIGH
- Vector
- CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L
- CWE
- CWE-863
Affected products
| Vendor | Product |
|---|---|
| openstack | keystone |
Description
An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credential for project A to create an EC2 credential targeting project B; a subsequent /v3/ec2tokens exchange would then issue a Keystone token scoped to project B while still carrying the original app_cred_id, enabling cross-project lateral movement within the credential owner's role footprint.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-50589 — In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API o... (5.3 MEDIUM)
- CVE-2026-48681 — OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image (5.9 MEDIUM)
- CVE-2026-44917 — OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via ... (4.9 MEDIUM)
- CVE-2026-46447 — OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info (5.8 MEDIUM)
- CVE-2026-44394 — An issue was discovered in OpenStack Keystone before 29.0.2 (6.0 MEDIUM)
Same CWE
- CVE-2026-53860 — OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability in BlueBubbles that allows participants to match allowlist entries... (4.2 MEDIUM)
- CVE-2026-53855 — OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken strict allowlist checks ... (8.1 HIGH)
- CVE-2026-53854 — OpenClaw before 2026.4.25 contains a privilege escalation vulnerability in internal and webchat command authentication that allows sender... (6.5 MEDIUM)
- CVE-2026-53853 — OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowe... (8.3 HIGH)
- CVE-2026-5149 — The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.7 This is due to the g... (6.5 MEDIUM)