CVE-2026-22797 in keystonemiddleware情報

要約

〜によって MITRE • 2026年01月19日

An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged identity headers such as X-Is-Admin-Project, X-Roles, or X-User-Id, an authenticated attacker may escalate privileges or impersonate other users. All deployments using the external_oauth2_token middleware are affected.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

責任者

MITRE

予約する

2026年01月09日

公開

2026年01月19日

モデレーション

承諾済み

エントリ

VDB-341801

CPE

準備完了

CWE

CWE-290 (確認済み)

CVSS

9.9 (CNA)

EPSS

0.00167

KEV

いいえ

アクティビティ

非常低い

セクター

Finance, Lawfirm, ...

ソース

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-22797
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-22797
CVE Details	https://www.cvedetails.com/cve/CVE-2026-22797/

◂ 前概要次 ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!