CVE-2026-43000

🗓️ 28 May 2026 00:00:00Reported by mitreType

OpenStack Keystone before 29.0.2: member escalates to admin via impersonation and trusts; persists under victim.

Reporter	Title	Published	Views	Family All 20
ATTACKERKB	CVE-2026-43000	28 May 202600:00	–	attackerkb
Circl	CVE-2026-43000	15 May 202604:15	–	circl
CNNVD	OpenStack Keystone 安全漏洞	28 May 202600:00	–	cnnvd
CVE	CVE-2026-43000	28 May 202600:00	–	cve
Debian	[SECURITY] [DLA 4611-1] keystone security update	1 Jun 202602:36	–	debian
Debian	[SECURITY] [DSA 6331-1] keystone security update	8 Jun 202620:07	–	debian
Debian CVE	CVE-2026-43000	28 May 202600:00	–	debiancve
Tenable Nessus	Debian dla-4611 : keystone - security update	1 Jun 202600:00	–	nessus
Tenable Nessus	Debian dsa-6331 : keystone - security update	8 Jun 202600:00	–	nessus
Tenable Nessus	Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenStack Keystone vulnerabilities (USN-8433-1)	17 Jun 202600:00	–	nessus

[
  {
    "defaultStatus": "unaffected",
    "product": "Keystone",
    "vendor": "OpenStack",
    "versions": [
      {
        "lessThan": "27.0.2",
        "status": "affected",
        "version": "14.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "28.0.2",
        "status": "affected",
        "version": "28.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "29.0.2",
        "status": "affected",
        "version": "29.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
bugs	www.bugs.launchpad.net/keystone/+bug/2148477
security	www.security.openstack.org/ossa/OSSA-2026-015.html

28 May 2026 18:33Current

CVSS 3.16

EPSS0.00244

CWE-863