Moderate: Red Hat Security Advisory: Red Hat OpenStack Services on OpenShift 18.0 (python-eventlet) security update

An update for python-eventlet is now available for Red Hat OpenStack Services on OpenShift 18.0 Antelope. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

openstack-keystone: OpenStack Keystone: Unauthorized access and privilege escalation via AWS signature validation flaw

A flaw was found in OpenStack Keystone. This vulnerability allows an attacker to obtain a valid OpenStack's Keystone token, leading to access to unauthorized resources or privilege escalation within the OpenStack instance via sending a valid AWS Amazon Web Services signature to the /v3/ec2tokens ...

Important: Red Hat Security Advisory: Red Hat OpenStack Services on OpenShift 18.0 (openstack-keystone) security update

An update for openstack-keystone is now available for Red Hat OpenStack Services on OpenShift 18.0 Antelope. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RHEL 9 : Red Hat OpenStack Services on OpenShift 18.0 (openstack-keystone) (RHSA-2026:1958)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1958 advisory. Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. Security Fixes: OpenStack Keystone: Unauthorized...

ROS-20260129-73-0002

Vulnerability in openstack-barbican related to lack of protection of proprietary data. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

ROS-20260129-73-0001

Vulnerability in openstack-barbican related to authentication bypass due to an initial bug. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges...

ROS-20260129-73-0003

Vulnerability in openstack-barbican related to insufficient spatial partitioning. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

ROS-20260122-73-0002

Vulnerability in openstack-ironic-python-agent related to a flaw in the authorization procedure. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

[SECURITY] [DSA 6104-1] python-keystonemiddleware security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6104-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 20, 2026 https://www.debian.org/security/faq -...

CVE-2026-22797

A flaw was found in OpenStack keystonemiddleware. The externaloauth2token middleware fails to properly sanitize incoming authentication headers. An authenticated attacker can exploit this by sending forged identity headers, such as X-Is-Admin-Project, X-Roles, or X-User-Id. This can lead to...

CVE-2026-22797

An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The externaloauth2token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged...

UBUNTU-CVE-2026-22797

An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The externaloauth2token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged...

CVE-2026-22797

An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The externaloauth2token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged...

EUVD-2026-3202

An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The externaloauth2token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged...

CVE-2026-22797

An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The externaloauth2token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged...

CVE-2026-22797

An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The externaloauth2token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged...

CVE-2026-22797

CVE-2026-22797 : OpenStack keystonemiddleware vulnerable to header sanitization flaw in external_oauth2_token middleware. Attackers can forge identity headers (X-Is-Admin-Project, X-Roles, X-User-Id) to escalate privileges or impersonate other users, impacting all deployments using this middlewar...

CVE-2024-41961

Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-yaql (UTSA-2026-000170)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000170 advisory. In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied...

PT-2026-20315

Name of the Vulnerable Software and Affected Versions OpenStack Nova affected versions not specified Description The software calls qemu-img without format restrictions when resizing images. A malicious QCOW header could potentially convince Nova's flat image backend to execute an unsafe image...