Lucene search
K

4 matches found

NVD
NVD
added 2026/06/12 10:16 p.m.17 views

CVE-2026-53832

OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy identity headers. Attackers with access to the proxy-facing Gateway port can supply forged identity headers to assume operator identity and potentially escalate...

7.7CVSS0.00102EPSS
Exploits0References2
CVE
CVE
added 2026/01/19 12:0 a.m.33 views

CVE-2026-22797

CVE-2026-22797 : OpenStack keystonemiddleware vulnerable to header sanitization flaw in external_oauth2_token middleware. Attackers can forge identity headers (X-Is-Admin-Project, X-Roles, X-User-Id) to escalate privileges or impersonate other users, impacting all deployments using this middlewar...

9.9CVSS5.5AI score0.00575EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2026/01/19 12:0 a.m.5 views

CVE-2026-22797

An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The externaloauth2token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged...

9.9CVSS5.4AI score0.00575EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.6 views

PT-2026-3233

Name of the Vulnerable Software and Affected Versions OpenStack affected versions not specified Description An issue exists in OpenStack’s keystonemiddleware component that could allow for privilege escalation or impersonation. An authenticated attacker may be able to elevate their privileges or...

9.9CVSS6.5AI score0.00575EPSS
Exploits0References36
Rows per page
Query Builder