High severity7.9NVD Advisory· Published May 1, 2026· Updated Jun 2, 2026
CVE-2026-43001
CVE-2026-43001
Description
An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credential for project A to create an EC2 credential targeting project B; a subsequent /v3/ec2tokens exchange would then issue a Keystone token scoped to project B while still carrying the original app_cred_id, enabling cross-project lateral movement within the credential owner's role footprint.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
keystonePyPI | >= 13.0.0, <= 29.0.1 | — |
Affected products
7- osv-coords6 versionspkg:apk/chainguard/openstack-keystone-2025.1pkg:apk/chainguard/openstack-keystone-2025.1-fipspkg:apk/chainguard/openstack-keystone-2025.2pkg:apk/chainguard/openstack-keystone-2025.2-fipspkg:apk/chainguard/openstack-keystone-2026.1pkg:pypi/keystone
< 27.0.1-r0+ 5 more
- (no CPE)range: < 27.0.1-r0
- (no CPE)range: < 27.0.1_git20260601-r3
- (no CPE)range: < 28.0.1-r0
- (no CPE)range: < 28.0.1_git20260610-r1
- (no CPE)range: < 29.0.1-r0
- (no CPE)range: >= 13.0.0, <= 29.0.1
Patches
Vulnerability mechanics
References
6- review.opendev.org/c/openstack/keystone/+/985804nvdPatchWEB
- bugs.launchpad.net/keystone/+bug/2149775nvdExploitIssue TrackingThird Party AdvisoryPatchWEB
- github.com/advisories/GHSA-hhq2-3832-xxcvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-43001ghsaADVISORY
- security.openstack.org/ossa/OSSA-2026-015.htmlnvdVendor AdvisoryPatchWEB
- review.opendev.org/c/openstack/keystoneghsaPACKAGE
News mentions
0No linked articles in our index yet.