CVE-2026-22797 in keystonemiddleware

Summary

by MITRE • 01/19/2026

An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged identity headers such as X-Is-Admin-Project, X-Roles, or X-User-Id, an authenticated attacker may escalate privileges or impersonate other users. All deployments using the external_oauth2_token middleware are affected.


Analysis

by VulDB Data Team • 01/23/2026

The vulnerability identified as CVE-2026-22797 is a critical security flaw in OpenStack keystonemiddleware versions 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. It specifically affects the external_oauth2_token middleware component, which handles OAuth 2.0 authentication flows within OpenStack environments. The flaw stems from inadequate input sanitization: the middleware does not validate or strip the identity headers carried on incoming requests before it processes the OAuth 2.0 token, so values a client supplied can survive into the authenticated request. The vulnerability falls under CWE-20, "Improper Input Validation", and is a classic case of header injection or manipulation used to bypass authentication controls.

In practice, the flaw lets an authenticated attacker set the identity headers that OpenStack services use for user authorization and role assignment. Headers such as X-Is-Admin-Project, X-Roles, and X-User-Id determine a caller's permissions and administrative privileges within the OpenStack cloud infrastructure; when they are not sanitized, attacker-supplied values are interpreted by the middleware and the services behind it as legitimate authentication data. This creates a privilege escalation vector in which an attacker can assume administrative roles or impersonate other users. The vulnerability is particularly dangerous because it operates at the middleware level, where authentication decisions are made, so it can open unauthorized access to sensitive cloud resources and operations across every service that trusts those headers.

The operational impact of this vulnerability extends beyond simple unauthorized access to encompass significant risks to cloud infrastructure integrity and data security. Organizations using affected OpenStack deployments are at risk of complete administrative compromise, as attackers can manipulate the X-Is-Admin-Project header to gain administrative privileges or use X-Roles to assume roles with elevated permissions. The X-User-Id header manipulation allows for user impersonation attacks that can bypass user-specific access controls and potentially lead to data exfiltration or modification. This vulnerability directly impacts the principle of least privilege and can enable attackers to perform operations such as creating or deleting virtual machines, managing user accounts, accessing confidential tenant data, and modifying cloud configurations. The attack surface is particularly wide since the middleware is typically used in production environments where it processes authentication requests from multiple sources and applications.

Mitigation should start with immediate patching of affected OpenStack keystonemiddleware versions to the releases that contain the sanitization fixes (10.7.2, 10.9.1, and 10.12.1 for the respective branches). Beyond patching, the middleware layer must treat the identity-header family (X-Roles, X-User-Id, X-Is-Admin-Project and related headers) as values only it may set: anything a client supplies under those names should be stripped or rejected before token validation, so that the only values reaching a service are those derived from a validated token. Network-level controls such as API gateways or reverse proxies can be configured to strip these headers before requests reach the middleware, which provides defense in depth should the middleware itself regress. Input validation should check all external inputs against expected patterns and values. Security monitoring should be enhanced to detect requests arriving with identity headers already set, which is a strong signal of header manipulation attempts, and organizations should conduct regular security assessments to identify and remediate similar issues in their cloud infrastructure stack. This vulnerability also highlights the importance of proper access controls and of continuous security testing of authentication middleware components that integrate external identity providers.
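The following is an added example, not keystonemiddleware's own code, showing the header-handling pattern the analysis calls for: a WSGI filter that discards every client-supplied identity header and then sets its own values from a validated token. The header names X-User-Id, X-Roles and X-Is-Admin-Project come from the advisory; the rest of IDENTITY_HEADERS, the token validator and the sample tokens are constructed for the demonstration. Setting strip_incoming to False reproduces the class of flaw described above, so the two modes can be compared on the same forged request.

```python
"""Added example (not keystonemiddleware's own code): a WSGI filter that
discards client-supplied identity headers before setting its own values
from a validated token. Header names X-User-Id, X-Roles and
X-Is-Admin-Project come from the advisory; the rest of IDENTITY_HEADERS,
the token validator and the sample tokens are constructed for the demo."""
from wsgiref.util import setup_testing_defaults

# Headers only the auth middleware may set. Assumed list: extend it to
# every identity header your services trust.
IDENTITY_HEADERS = (
    "X-User-Id", "X-Roles", "X-Is-Admin-Project", "X-Identity-Status",
    "X-Project-Id", "X-Project-Name", "X-User-Name", "X-Domain-Id",
)


def _wsgi_key(header):
    """HTTP header name -> WSGI environ key, e.g. X-Roles -> HTTP_X_ROLES."""
    return "HTTP_" + header.upper().replace("-", "_")


def strip_identity_headers(environ):
    """Drop every identity header the client sent; return the names removed
    so the caller can log them (a client-set identity header is worth an alert)."""
    removed = []
    for name in IDENTITY_HEADERS:
        if environ.pop(_wsgi_key(name), None) is not None:
            removed.append(name)
    return removed


# Constructed stand-in for OAuth 2.0 token validation: maps bearer tokens
# to the claims an introspection endpoint would return.
FAKE_TOKEN_CLAIMS = {
    "tok-alice": {"user_id": "alice-id", "roles": ["member", "reader"],
                  "is_admin_project": False},
}


def validate_token(authorization):
    """Return claims for a valid 'Bearer <token>' header, else None."""
    if not authorization.startswith("Bearer "):
        return None
    return FAKE_TOKEN_CLAIMS.get(authorization[len("Bearer "):])


class IdentityHeaderFilter:
    """strip_incoming=True is the hardened behaviour; False reproduces the
    class of flaw in the advisory, where client headers are left in place."""

    def __init__(self, app, validator=validate_token, strip_incoming=True):
        self.app = app
        self.validator = validator
        self.strip_incoming = strip_incoming

    def __call__(self, environ, start_response):
        environ["identity.stripped"] = (
            strip_identity_headers(environ) if self.strip_incoming else [])
        claims = self.validator(environ.get("HTTP_AUTHORIZATION", ""))
        if claims is None:
            # Simplification for the demo: an invalid token is passed
            # downstream marked Invalid instead of being rejected here.
            environ[_wsgi_key("X-Identity-Status")] = "Invalid"
        else:
            environ[_wsgi_key("X-Identity-Status")] = "Confirmed"
            environ[_wsgi_key("X-User-Id")] = claims["user_id"]
            environ[_wsgi_key("X-Roles")] = ",".join(claims["roles"])
            environ[_wsgi_key("X-Is-Admin-Project")] = (
                "True" if claims["is_admin_project"] else "False")
        return self.app(environ, start_response)


def run_request(client_headers, strip_incoming=True):
    """Send one request through the filter and return the identity values the
    downstream application actually saw, plus the stripped header names."""
    seen = {}

    def app(environ, start_response):
        for name in ("X-User-Id", "X-Roles", "X-Is-Admin-Project",
                     "X-Identity-Status"):
            seen[name] = environ.get(_wsgi_key(name))
        seen["stripped"] = environ["identity.stripped"]
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok"]

    environ = {}
    setup_testing_defaults(environ)
    for name, value in client_headers.items():
        environ[_wsgi_key(name)] = value
    filtered = IdentityHeaderFilter(app, strip_incoming=strip_incoming)
    list(filtered(environ, lambda status, headers: None))
    return seen


if __name__ == "__main__":
    forged = {"Authorization": "Bearer tok-alice", "X-Roles": "admin",
              "X-Is-Admin-Project": "True", "X-User-Id": "victim-id"}
    print("hardened, valid token:", run_request(forged))
    print("vulnerable, invalid token:",
          run_request({"X-Roles": "admin"}, strip_incoming=False))
```

In the hardened mode the application only ever sees the roles and user id derived from the token, and the list returned by strip_identity_headers gives the monitoring hook the analysis asks for: a non-empty list means a client tried to set identity headers itself. A reverse proxy in front of the middleware can apply the same strip step as an independent layer.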

Responsible: MITRE

Reservation: 01/09/2026

Disclosure: 01/19/2026

Moderation: accepted

CPE: ready

EPSS: 0.00167

KEV: no

Activities: very low

Sources
