{ "dataType": "CVE_RECORD", "cveMetadata": { "state": "PUBLISHED", "cveId": "CVE-2026-43001", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-05-01T07:53:34.311Z", "dateReserved": "2026-05-01T00:00:00.000Z", "datePublished": "2026-05-01T00:00:00.000Z" }, "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Keystone", "vendor": "OpenStack", "versions": [ { "lessThanOrEqual": "29", "status": "affected", "version": "13", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in OpenStack Keystone 13 through 29. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credential for project A to create an EC2 credential targeting project B; a subsequent /v3/ec2tokens exchange would then issue a Keystone token scoped to project B while still carrying the original app_cred_id, enabling cross-project lateral movement bounded only by the roles the credential's owner holds on the target project." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-05-01T07:53:34.311Z" }, "references": [ { "url": "https://bugs.launchpad.net/keystone/+bug/2149775" }, { "url": "https://review.opendev.org/c/openstack/keystone/+/985804" } ], "x_generator": { "engine": "enrichogram 0.0.1" }, "cpeApplicability": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*", "versionStartIncluding": "13", "versionEndIncluding": "29" } ] } ] } ] } }, "dataVersion": "5.2" }