CVE-2026-22797
CriticalCVSS 9.9Exploitation Probability (EPSS)
Low risk43th percentile - higher than 43% of all known CVEs
Summary
A vulnerability was discovered in OpenStack keystonemiddleware versions 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens, allowing an attacker to send forged identity headers.
Risk Assessment
An authenticated attacker can escalate privileges or impersonate other users, leading to unauthorized access to resources and potential system integrity compromise.
Recommendation
Immediately update keystonemiddleware to version 10.7.2, 10.9.1, or 10.12.1 depending on your branch. If an update is not possible, temporarily disable or restrict access to the external_oauth2_token middleware.
Original NVD description (English source)
An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged identity headers such as X-Is-Admin-Project, X-Roles, or X-User-Id, an authenticated attacker may escalate privileges or impersonate other users. All deployments using the external_oauth2_token middleware are affected.

