CVE-2026-33551

🗓️ 10 Apr 2026 00:00:00Reported by mitreType

Reader can obtain elastic compute cloud and simple storage service credentials via restricted application credentials in OpenStack Keystone using EC2 API, bypassing role limits.

Reporter	Title	Published	Views	Family All 27
ATTACKERKB	CVE-2026-33551	10 Apr 202600:00	–	attackerkb
CNNVD	OpenStack Keystone 安全漏洞	10 Apr 202600:00	–	cnnvd
Cvelist	CVE-2026-33551	10 Apr 202600:00	–	cvelist
Debian	[SECURITY] [DLA 4611-1] keystone security update	1 Jun 202602:36	–	debian
Debian	[SECURITY] [DSA 6331-1] keystone security update	8 Jun 202620:07	–	debian
Debian CVE	CVE-2026-33551	10 Apr 202600:00	–	debiancve
Tenable Nessus	Debian dla-4611 : keystone - security update	1 Jun 202600:00	–	nessus
Tenable Nessus	Debian dsa-6331 : keystone - security update	8 Jun 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-33551	8 Apr 202600:00	–	nessus
EUVD	EUVD-2026-21278	10 Apr 202600:00	–	euvd

NVD

Vulners

CNA

Node

openstack keystoneRange14.0.0–26.1.1

openstack keystoneMatch27.0.0

openstack keystoneMatch28.0.0

openstack keystoneMatch29.0.0

[
  {
    "defaultStatus": "unaffected",
    "product": "Keystone",
    "vendor": "OpenStack",
    "versions": [
      {
        "lessThan": "26.1.1",
        "status": "affected",
        "version": "14.0.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "27.0.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "28.0.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "29.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
security	www.security.openstack.org/ossa/OSSA-2026-005.html
bugs	www.bugs.launchpad.net/keystone/+bug/2142138
openwall	www.openwall.com/lists/oss-security/2026/04/07/12

05 Jun 2026 14:22Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.13.5 - 5.3

EPSS0.00211

SSVC

CWE-863