CVE-2026-22797 in keystonemiddlewareالمعلومات

الملخص

بحسب MITRE • 19/01/2026

An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged identity headers such as X-Is-Admin-Project, X-Roles, or X-User-Id, an authenticated attacker may escalate privileges or impersonate other users. All deployments using the external_oauth2_token middleware are affected.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

MITRE

حجز

09/01/2026

إفشاء

19/01/2026

الاعتدال

تمت الموافقة

إدخال

VDB-341801

CPE

جاهز

CWE

CWE-290 (مؤكد)

CVSS

9.9 (CNA)

EPSS

0.00167

KEV

لا

النشاطات

منخفض جدًا

القطاع

Chemical, Finance, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-22797
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-22797
CVE Details	https://www.cvedetails.com/cve/CVE-2026-22797/

التالي ▸نظرة عامة ◂ السابق

Do you want to use VulDB in your project?

Use the official API to access entries easily!