PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-50221 OpenStack CVE debrief

CVE-2026-50221 is a server-side request forgery (SSRF) vulnerability in OpenStack Swift before version 2.37.2. The vulnerability allows an authenticated user with write access to inject internal update headers (X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device) into client requests, which the proxy-server forwards unchanged to object-servers. This can redirect container update requests to an attacker-controlled server, enabling SSRF. The SSRF requests can expose internal cluster metadata, including storage policy indexes, partition mappings, device names and, when at-rest encryption is enabled, the ciphertext and initialization vectors for the container-level encryption key. The attacker can also cause 'ghost listings' in arbitrary containers via the shard-range redirect mechanism.

Vendor: OpenStack
Product: Swift
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-23
Original CVE updated: 2026-06-25
Advisory published: 2026-06-23
Advisory updated: 2026-06-25

Who should care

OpenStack Swift users and administrators should be aware of this vulnerability and take immediate action to update to version 2.37.2 or later. This vulnerability requires an authenticated user with write access, making it a concern for environments where such access is not tightly controlled. The potential for exposure of internal cluster metadata and the ability to cause 'ghost listings' in arbitrary containers make this a medium-severity issue that should be addressed promptly.

Technical summary

The vulnerability lies in the proxy-server component of OpenStack Swift, specifically in how it handles the internal update headers on client requests. These headers are normally set by the proxy-server itself for communication between Swift's own servers, and a client has no legitimate reason to send them. In affected versions, however, the proxy-server does not strip them from client requests before forwarding those requests to object-servers. An authenticated user with write access can therefore supply header values that point container update requests at a server they control, which is the SSRF. Through those redirected requests the attacker can read internal cluster metadata and manipulate container listings.

Defensive priority

This vulnerability should be prioritized for remediation due to its potential impact on the security of OpenStack Swift deployments. While the CVSS score is 5.3 (Medium), the potential for data exposure and manipulation makes it important to address.

Recommended defensive actions

  • Update OpenStack Swift to version 2.37.2 or later.
  • Review and restrict write access to OpenStack Swift for all users.
  • Monitor OpenStack Swift logs for suspicious activity.
  • Implement additional security controls to detect and prevent SSRF attacks.
  • Perform a thorough inventory of OpenStack Swift deployments to ensure all instances are updated and secure.
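The technical summary above comes down to one failure: the proxy-server accepted client-supplied values for headers that only Swift's own servers should set. The following is an added example, not Swift's own code and not the upstream fix, of a compensating control in the spirit of the "additional security controls" and "monitor logs" actions: a WSGI middleware that strips the four headers named in the advisory from every inbound request (or rejects the request when configured to), logging each occurrence so that attempts show up in the proxy logs. The middleware class, the `_downstream_app` stand-in, the `simulate` helper and the sample request are all constructed for this example; wiring the class into a real proxy pipeline via the paste.deploy configuration Swift uses is assumed, not shown.

```python
import logging

# Headers the advisory names as "internal update headers". In Swift these are
# set by the proxy-server for object-servers; a client should never supply them.
INTERNAL_UPDATE_HEADERS = (
    "X-Container-Host",
    "X-Container-Device",
    "X-Delete-At-Host",
    "X-Delete-At-Device",
)


def environ_key(header_name):
    """Map an HTTP header name to its WSGI environ key (X-Foo-Bar -> HTTP_X_FOO_BAR)."""
    return "HTTP_" + header_name.upper().replace("-", "_")


INTERNAL_UPDATE_KEYS = frozenset(environ_key(h) for h in INTERNAL_UPDATE_HEADERS)


def find_injected_headers(environ):
    """Return, sorted, the internal update header keys present in a client request."""
    return sorted(k for k in environ if k in INTERNAL_UPDATE_KEYS)


class StripInternalUpdateHeaders:
    """Hypothetical WSGI middleware (not part of Swift) that removes the internal
    update headers from every inbound request, or rejects the request outright
    when reject=True, and logs what it saw either way."""

    def __init__(self, app, reject=False, logger=None):
        self.app = app
        self.reject = reject
        self.log = logger or logging.getLogger("strip_internal_update_headers")

    def __call__(self, environ, start_response):
        found = find_injected_headers(environ)
        if found:
            # Log before acting so that stripped and rejected attempts both leave a trace.
            self.log.warning(
                "client-supplied internal update headers %s on %s %s from %s",
                found,
                environ.get("REQUEST_METHOD"),
                environ.get("PATH_INFO"),
                environ.get("REMOTE_ADDR", "?"),
            )
            if self.reject:
                body = b"internal update headers are not accepted from clients\n"
                start_response("400 Bad Request", [
                    ("Content-Type", "text/plain"),
                    ("Content-Length", str(len(body))),
                ])
                return [body]
            for key in found:
                del environ[key]
        return self.app(environ, start_response)


def _downstream_app(environ, start_response):
    """Stand-in for the rest of the proxy pipeline: echoes which X- headers reached it."""
    seen = sorted(k for k in environ if k.startswith("HTTP_X_"))
    body = (",".join(seen) + "\n").encode()
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [body]


def simulate(environ, reject=False):
    """Run one request through the middleware; return (status, X- header keys seen downstream)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    app = StripInternalUpdateHeaders(_downstream_app, reject=reject)
    body = b"".join(app(dict(environ), start_response))
    if captured["status"].startswith("200") and body.strip():
        seen = body.decode().strip().split(",")
    else:
        seen = []
    return captured["status"], seen


# Constructed sample request: an object PUT carrying two of the internal headers.
SAMPLE_ENVIRON = {
    "REQUEST_METHOD": "PUT",
    "PATH_INFO": "/v1/AUTH_example/photos/cat.jpg",
    "REMOTE_ADDR": "198.51.100.7",
    "HTTP_X_AUTH_TOKEN": "placeholder-token",
    "HTTP_X_CONTAINER_HOST": "203.0.113.9:6201",  # constructed, not a real host
    "HTTP_X_CONTAINER_DEVICE": "sdb1",
}

if __name__ == "__main__":
    print(simulate(SAMPLE_ENVIRON))               # ('200 OK', ['HTTP_X_AUTH_TOKEN'])
    print(simulate(SAMPLE_ENVIRON, reject=True))  # ('400 Bad Request', [])
```

Stripping is the safer default for a compensating control because legitimate clients never send these headers, so nothing breaks; rejecting gives a clearer signal in the logs. Either way this only covers requests that enter through the proxy, so it supplements the upgrade to 2.37.2 rather than replacing it.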

Evidence notes

The CVE-2026-50221 vulnerability was publicly disclosed on June 23, 2026, and the NVD entry was last modified on June 25, 2026. The vulnerability affects OpenStack Swift versions before 2.37.2. The CVSS score is 5.3 (Medium), with an attack vector of Network and requiring Low privileges.

Official resources

This article is AI-assisted and based on the supplied source corpus.