CVE-2026-22797 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. Th…
Critical CVSS: 9.9

CVE-2026-22797

An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged identity headers such as X-Is-Admin-Project, X-Roles, or X-User-Id, an authenticated attacker may escalate privileges or impersonate other users. All deployments using the external_oauth2_token middleware are affected.
Vendor
-
Product
-
CWE
CWE-290
Yayın Tarihi
2026-01-19 18:16:04
Güncelleme
2026-01-26 15:05:39
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-290 CRITICAL 2026

Referanslar

https://launchpad.net/bugs/2129018 https://www.openwall.com/lists/oss-security/2026/01/16/9 http://www.openwall.com/lists/oss-security/2026/01/15/1 http://www.openwall.com/lists/oss-security/2026/01/16/2 http://www.openwall.com/lists/oss-security/2026/01/16/3 http://www.openwall.com/lists/oss-security/2026/01/16/9