PatchSiren cyber security CVE debrief
CVE-2026-22797 OpenStack CVE debrief
A critical vulnerability was discovered in OpenStack keystonemiddleware versions 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens, allowing an authenticated attacker to escalate privileges or impersonate other users by sending forged identity headers such as X-Is-Admin-Project, X-Roles, or X-User-Id. This vulnerability has a CVSS score of 9.9 and is considered CRITICAL. All deployments using the external_oauth2_token middleware are affected. Users should update to the latest version of keystonemiddleware to mitigate this vulnerability.
- Vendor: OpenStack
- Product: keystonemiddleware
- CVSS: CRITICAL 9.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-19
- Original CVE updated: 2026-06-30
- Advisory published: 2026-01-19
- Advisory updated: 2026-06-30
Who should care
OpenStack users and administrators who utilize the keystonemiddleware component should be aware of this vulnerability and take immediate action to update their systems. This vulnerability can allow an authenticated attacker to escalate privileges or impersonate other users, potentially leading to unauthorized access and control of the system.
Technical summary
The external_oauth2_token middleware in OpenStack keystonemiddleware fails to properly sanitize incoming authentication headers before processing OAuth 2.0 tokens. Services behind the middleware treat headers such as X-Is-Admin-Project, X-Roles and X-User-Id as identity values that the middleware itself set after validating the token, so a client-supplied value that is not stripped is accepted as authoritative. This allows an authenticated attacker to send forged identity headers to escalate privileges or impersonate other users. The vulnerability has a CVSS score of 9.9 and is considered CRITICAL. The affected versions are 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1.
Defensive priority
High
Recommended defensive actions
- Update keystonemiddleware to the latest version
- Strip client-supplied identity headers (X-Is-Admin-Project, X-Roles, X-User-Id and the other headers the middleware sets) at the edge, so that only the authentication middleware can populate them
- Monitor logs for requests that arrive already carrying those identity headers, which a legitimate client has no reason to send
- Limit the impact of a successful escalation by keeping role assignments and admin-project membership minimal
- Verify user identities and roles against the validated token rather than trusting values carried in request headers
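The header-stripping control that the technical summary and the sanitize recommendation above describe, written out as an added example (not keystonemiddleware's own code): a standalone WSGI filter that drops client-supplied identity headers before the authentication middleware populates them with verified values, and returns what it dropped so the event can be logged. The protected header list and the sample request are constructed assumptions.

```python
"""Hypothetical WSGI filter: discard client-supplied Keystone-style identity
headers before the auth middleware populates them with verified values.
Constructed example, not keystonemiddleware's own code."""
import logging

log = logging.getLogger("identity_header_guard")

# Headers that only the auth middleware may set. Assumption: the three names
# from the advisory plus common Keystone identity headers; tune to what your
# pipeline actually emits downstream.
PROTECTED_HEADERS = (
    "X-Identity-Status", "X-Is-Admin-Project", "X-Roles", "X-User-Id",
    "X-User-Name", "X-Project-Id", "X-Project-Name", "X-Domain-Id",
)

def _environ_key(header):
    # WSGI servers expose the request header "X-User-Id" as HTTP_X_USER_ID,
    # so both "X-User-Id" and "X_User_Id" on the wire land on the same key.
    return "HTTP_" + header.upper().replace("-", "_")

def strip_forged_identity_headers(environ):
    """Remove protected headers from a WSGI environ in place and return the
    names that were present; a non-empty result is a detection signal."""
    removed = []
    for header in PROTECTED_HEADERS:
        if environ.pop(_environ_key(header), None) is not None:
            removed.append(header)
    if removed:
        log.warning("dropped client-supplied identity headers %s from %s",
                    removed, environ.get("REMOTE_ADDR", "?"))
    return removed

class IdentityHeaderGuard:
    """Wrap this *outside* the auth middleware so forged headers are gone
    before the token is validated and the real identity headers are set."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        strip_forged_identity_headers(environ)
        return self.app(environ, start_response)

if __name__ == "__main__":
    # Constructed request: a bearer token plus forged headers claiming admin.
    env = {"REMOTE_ADDR": "203.0.113.7", "HTTP_AUTHORIZATION": "Bearer <token>",
           "HTTP_X_ROLES": "admin", "HTTP_X_IS_ADMIN_PROJECT": "True",
           "HTTP_X_USER_ID": "victim-user"}
    print(strip_forged_identity_headers(env))
    print(sorted(env))  # identity keys gone, token and address remain
```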
Evidence notes
The CVE record and NVD detail provide information on the vulnerability, its impact, and affected versions. The OpenStack keystonemiddleware component is affected by this vulnerability, which can allow an authenticated attacker to escalate privileges or impersonate other users.
Official resources
- CVE-2026-22797 CVE record (CVE.org)
- CVE-2026-22797 NVD detail (NVD)
This article is AI-assisted and based on the supplied source corpus.