CVE-2026-22797

CVE-2026-22797 PUBLISHED

Assigner: mitre
Reserved: 09.01.2026 Published: 19.01.2026 Updated: 20.01.2026

An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged identity headers such as X-Is-Admin-Project, X-Roles, or X-User-Id, an authenticated attacker may escalate privileges or impersonate other users. All deployments using the external_oauth2_token middleware are affected.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
CVSS Score: 9.9

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	OpenStack
Product	keystonemiddleware
Versions	Default: unaffected affected from 10.5.0 to 10.7.2 (excl.) affected from 10.8.0 to 10.9.1 (excl.) affected from 10.10.0 to 10.12.1 (excl.)

Vendor

OpenStack

Product

keystonemiddleware

Versions

Default: unaffected

affected from 10.5.0 to 10.7.2 (excl.)
affected from 10.8.0 to 10.9.1 (excl.)
affected from 10.10.0 to 10.12.1 (excl.)

References

Problem Types

CWE-290 Authentication Bypass by Spoofing CWE