CVE Catalog

CVE-2026-22797

CriticalCVSS 9.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.58%

43th percentile - higher than 43% of all known CVEs

Summary

A vulnerability was discovered in OpenStack keystonemiddleware versions 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens, allowing an attacker to send forged identity headers.

Risk Assessment

An authenticated attacker can escalate privileges or impersonate other users, leading to unauthorized access to resources and potential system integrity compromise.

Recommendation

Immediately update keystonemiddleware to version 10.7.2, 10.9.1, or 10.12.1 depending on your branch. If an update is not possible, temporarily disable or restrict access to the external_oauth2_token middleware.

Original NVD description (English source)

An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged identity headers such as X-Is-Admin-Project, X-Roles, or X-User-Id, an authenticated attacker may escalate privileges or impersonate other users. All deployments using the external_oauth2_token middleware are affected.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS