
463 matches found

Positive Technologies
added 2026/05/28 12:0 a.m., 5 views

PT-2026-44466

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handle scoped token function in the mapped...

CVSS 6, AI score 5.8, EPSS 0.00052
Exploits: 1, References: 3

Cvelist
added 2026/05/28 12:0 a.m., 24 views

CVE-2026-42999

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

CVSS 6, EPSS 0.00041
Exploits: 1, References: 2

ATTACKERKB
added 2026/05/28 12:0 a.m., 7 views

CVE-2026-44394

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...

CVSS 6, AI score 5.8, EPSS 0.00561
Exploits: 2, References: 3, Affected Software: 1

Positive Technologies
added 2026/05/28 12:0 a.m., 6 views

PT-2026-44465

Name of the Vulnerable Software and Affected Versions OpenStack Keystone versions prior to 29.0.2 Description A privilege escalation issue exists where an attacker with a member role on a project can escalate their privileges to admin. This is achieved by chaining unrestricted application...

CVSS 8.8, AI score 5.7, EPSS 0.00041
Exploits: 1, References: 4

Debian CVE
added 2026/05/28 12:0 a.m., 7 views

CVE-2026-42999

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

CVSS 8.8, AI score 6, EPSS 0.00041
Exploits: 1

Vulnrichment
added 2026/05/28 12:0 a.m., 5 views

CVE-2026-42998

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application...

CVSS 6, AI score 5.8, EPSS 0.00064
Exploits: 1, References: 2

CVE
added 2026/05/28 12:0 a.m., 16 views

CVE-2026-44394

CVE-2026-44394 affects OpenStack Keystone before 29.0.2. The federated token rescoping mechanism does not propagate the original token expiry to the newly issued token; repeated rescopes can allow indefinite access by issuing tokens with a fresh TTL, bypassing token lifetime policies. Affected de...

CVSS 8.1, AI score 5.8, EPSS 0.00052
Exploits: 1, References: 2, Affected Software: 1

CNNVD
added 2026/05/28 12:0 a.m., 7 views

OpenStack Keystone Security Vulnerability

OpenStack Keystone is a core authentication component library of the OpenStack open-source project. Versions of OpenStack Keystone prior to 29.0.2 contained security vulnerabilities. These vulnerabilities stemmed from an application credential impersonation vulnerability combined with a trust...

CVSS 8.8, AI score 5.8, EPSS 0.00041
Exploits: 1, References: 2

Debian CVE
added 2026/05/28 12:0 a.m., 5 views

CVE-2026-43000

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

CVSS 8.8, AI score 5.8, EPSS 0.00041
Exploits: 1

RedhatCVE
added 2026/05/22 3:46 p.m., 8 views

CVE-2026-43001

A flaw was found in OpenStack Keystone. An attacker holding an unrestricted application credential could exploit a vulnerability in the POST /v3/credentials endpoint where the caller-supplied project_id for an EC2-type credential was not validated against the project of the authenticating...

CVSS 8, AI score 5.8, EPSS 0.00018
Exploits: 1, References: 5

Tenable Nessus
added 2026/05/02 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-43001

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential...

CVSS 8, AI score 5.8, EPSS 0.00018
Exploits: 1, References: 3

NVD
added 2026/05/01 9:16 a.m., 1 view

CVE-2026-43001

An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...

CVSS 8, EPSS 0.00018
Exploits: 1, References: 3

UbuntuCve
added 2026/05/01 9:16 a.m., 1 view

CVE-2026-43001

An issue was discovered in OpenStack Keystone 13 through 29. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...

CVSS 8.5, AI score 5.8, EPSS 0.00018
Exploits: 1, References: 3

OSV
added 2026/05/01 9:16 a.m., 2 views

UBUNTU-CVE-2026-43001

An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...

CVSS 8, AI score 5.8, EPSS 0.00018
Exploits: 1, References: 4

Cvelist
added 2026/05/01 12:0 a.m., 26 views

CVE-2026-43001

An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...

CVSS 7.9, EPSS 0.00018
Exploits: 1, References: 3

Debian CVE
added 2026/05/01 12:0 a.m., 6 views

CVE-2026-43001

An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...

CVSS 8, AI score 5.8, EPSS 0.00018
Exploits: 1

CNNVD
added 2026/05/01 12:0 a.m., 5 views

OpenStack Keystone Security Vulnerability

OpenStack Keystone is a core authentication component library of the OpenStack open-source project. Security vulnerabilities exist in OpenStack Keystone versions 13 to 29. These vulnerabilities stem from the lack of verification of the project_id provided by the caller in the POST /v3/credentials...

CVSS 8, AI score 5.8, EPSS 0.00018
Exploits: 1, References: 4

EUVD
added 2026/05/01 12:0 a.m., 4 views

EUVD-2026-26488

An issue was discovered in OpenStack Keystone 13 through 29. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...

CVSS 7.9, AI score 5.8, EPSS 0.00018
Exploits: 1, References: 2

CVE
added 2026/05/01 12:0 a.m., 8 views

CVE-2026-43001

CVE-2026-43001 affects OpenStack Keystone (versions 13–29) where POST /v3/credentials does not validate that the caller-supplied project_id for an EC2-type credential matches the authenticating application credential’s project. An attacker with an unrestricted app_cred for project A can create an...

CVSS 8, AI score 5.8, EPSS 0.00018
Exploits: 1, References: 3, Affected Software: 1

Positive Technologies
added 2026/05/01 12:0 a.m., 4 views

PT-2026-36306

Name of the Vulnerable Software and Affected Versions OpenStack Keystone versions 13 through 29 Description An issue exists where the 'POST /v3/credentials' endpoint fails to validate that the project id provided by the caller for an EC2-type credential matches the project of the authenticating...

CVSS 8, AI score 5.8, EPSS 0.00018
Exploits: 1, References: 17