CVE-2026-43001
| CVSS Score | 7.9 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
An issue was discovered in OpenStack Keystone 13 through 29. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credential for project A to create an EC2 credential targeting project B; a subsequent /v3/ec2tokens exchange would then issue a Keystone token scoped to project B while still carrying the original app_cred_id, enabling cross-project lateral movement within the credential owner's role footprint.
| CWE | CWE-863 |
| Vendor | openstack |
| Product | keystone |
| Published | May 1, 2026 |
| Last Updated | May 1, 2026 |
CVSS v3 Breakdown

Vector string: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L

| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | High |
| User Interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity | High |
| Availability | Low |
Affected Versions

| OpenStack / Keystone | 13 through 29 |