Alerts This Week
Warning Icon 1 1,295
Alerts This Week
Warning Icon 1 1,295

Ubuntu 25.10 Keystone Middleware Important Access Escalation CVE-2026-22797

ubuntu
Calendar Grey February 3, 2026
Dist Ubuntu Esm H88
Unwanted access to network services in Keystone Middleware affects Ubuntu 25.10 and 24.04 LTS. Update recommended.
Keystone Middleware could allow unintended access to network services.

Summary

Keystone Middleware could allow unintended access to network services.

Software Description:

- python-keystonemiddleware: Middleware for OpenStack Identity (Keystone)

Details:

Grzegorz Grasza discovered that the Keystone Middleware incorrectly

sanitized authentication headers before processing OAuth 2.0 tokens. An

attacker could possibly use this issue to escalate privileges or

impersonate other users.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  python3-keystonemiddleware      10.12.0-0ubuntu1.1

Ubuntu 24.04 LTS
  python3-keystonemiddleware      10.6.0-0ubuntu1.1

After a standard system update you need to restart Keystone to make all the
necessary changes.

References

https://ubuntu.com/security/notices/USN-8008-1

CVE-2026-22797

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8008-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here