OpenStack keystonemiddleware 10.5 through 10.12 Privilege Escalation via OAuth headers
CVE-2026-22797 Published on January 19, 2026
An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to strip incoming identity headers from the request before it processes the OAuth 2.0 token and populates those headers itself. Services behind the middleware treat headers such as X-Is-Admin-Project, X-Roles and X-User-Id as authoritative, so any client-supplied value that survives the middleware is trusted as if the middleware had set it. By sending forged identity headers alongside a valid token, an authenticated attacker may escalate privileges or impersonate other users. All deployments using the external_oauth2_token middleware are affected.
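To make the header-stripping point concrete, here is an added illustration in Python (the language keystonemiddleware is written in). It is a constructed sketch, not keystonemiddleware code and not the upstream fix: the token store, the ADMIN_PROJECT_ID constant and the header set are assumptions made for the example. Both filters validate a bearer token and then write identity headers derived from it; the only difference is whether inbound identity headers are removed first. The "sparse" claim pattern (a header that is only written when it is true) is what lets a forged X-Is-Admin-Project survive the vulnerable path.

```python
"""Constructed example: an auth filter that forgets to strip inbound identity
headers versus one that does. Not keystonemiddleware's code."""
from typing import Any, Dict, Optional

# Identity headers a downstream service trusts (illustrative subset).
# Compared in lower case because HTTP header names are case-insensitive.
IDENTITY_HEADERS = frozenset({"x-user-id", "x-project-id", "x-roles", "x-is-admin-project"})

# Assumed configuration and token store, constructed for the example.
ADMIN_PROJECT_ID = "admin-proj"
TOKEN_STORE: Dict[str, Dict[str, Any]] = {
    "tok-alice": {"user_id": "alice", "project_id": "proj-1", "roles": ["member"]},
    "tok-root": {"user_id": "root", "project_id": "admin-proj", "roles": ["admin"]},
}


def introspect(token: str) -> Optional[Dict[str, Any]]:
    """Stand-in for token introspection: opaque token -> claims, or None."""
    return TOKEN_STORE.get(token)


def identity_headers_from_claims(claims: Dict[str, Any]) -> Dict[str, str]:
    """Derive the trusted identity headers from validated claims.

    X-Is-Admin-Project is only written when it is true. That sparse pattern is
    harmless on its own, but if inbound headers were not stripped, a forged
    value for it survives untouched.
    """
    hdrs = {
        "x-user-id": str(claims["user_id"]),
        "x-project-id": str(claims["project_id"]),
        "x-roles": ",".join(claims["roles"]),
    }
    if claims["project_id"] == ADMIN_PROJECT_ID:
        hdrs["x-is-admin-project"] = "True"
    return hdrs


def filter_request(headers: Dict[str, str], strip_inbound: bool) -> Optional[Dict[str, str]]:
    """Return the headers the downstream app would see, or None if rejected."""
    req = {name.lower(): value for name, value in headers.items()}
    auth = req.get("authorization", "")
    if not auth.lower().startswith("bearer "):
        return None
    claims = introspect(auth[len("bearer "):].strip())
    if claims is None:
        return None
    if strip_inbound:
        # Hardened path: nothing the client sent under a trusted name survives,
        # regardless of which headers the token happens to populate.
        for name in list(req):
            if name in IDENTITY_HEADERS:
                del req[name]
    req.update(identity_headers_from_claims(claims))
    return req


def vulnerable_filter(headers: Dict[str, str]) -> Optional[Dict[str, str]]:
    return filter_request(headers, strip_inbound=False)


def hardened_filter(headers: Dict[str, str]) -> Optional[Dict[str, str]]:
    return filter_request(headers, strip_inbound=True)


# Constructed attacker request: a valid low-privilege token plus forged headers.
FORGED_REQUEST = {
    "Authorization": "Bearer tok-alice",
    "X-Is-Admin-Project": "True",
    "x-roles": "admin",
}

if __name__ == "__main__":
    for label, fn in (("vulnerable", vulnerable_filter), ("hardened", hardened_filter)):
        out = fn(FORGED_REQUEST) or {}
        print(label, {k: out.get(k) for k in sorted(IDENTITY_HEADERS)})
```

Run as a script to see the two outcomes side by side: the vulnerable filter hands the app alice's real user id and roles but a forged X-Is-Admin-Project of True, while the hardened filter drops the forgery. Stripping must happen before the token is consulted and must match header names case-insensitively; a filter that only deletes the exact spelling X-Roles would still let x-roles through. Writing every trusted header unconditionally (an explicit False rather than an absent header) is a worthwhile second line of defence, but it does not replace the strip.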
Weakness Type
Authentication Bypass by Spoofing (CWE-290)
This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.
Products Associated with CVE-2026-22797
Affected Versions
OpenStack keystonemiddleware:
- 10.5.0 up to, but not including, 10.7.2
- 10.8.0 up to, but not including, 10.9.1
- 10.10.0 up to, but not including, 10.12.1
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows how that score compares with all other scored vulnerabilities.