
Ubuntu OpenStack Keystone Critical Roles Bypass Vulnerability USN-8433-1

June 16, 2026
Several serious security issues were addressed in OpenStack Keystone affecting multiple Ubuntu versions. Immediate updates are necessary.

Summary

Several security issues were fixed in OpenStack Keystone.

Software Description:

- keystone: OpenStack identity service

Details:

It was discovered that OpenStack Keystone allowed restricted application
credentials to create EC2 credentials. An authenticated attacker with only
a reader role could possibly use this issue to bypass the role restrictions
imposed on the application credential. (CVE-2026-33551)

It was discovered that the OpenStack Keystone LDAP identity backend did
not correctly convert the user enabled attribute to a boolean value.
An attacker could possibly use this issue to authenticate as a user disabled
in LDAP. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS,
and Ubuntu 25.10. (CVE-2026-40683)

It was discovered that OpenStack Keystone's application credential
authentication plugin did not verify that the user supplied in an
authentication request matched the credential owner. An authenticated
attacker could possibly impersonate another user and gain...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  keystone                        2:29.0.0-0ubuntu1.2
  keystone-common                 2:29.0.0-0ubuntu1.2
  keystone-doc                    2:29.0.0-0ubuntu1.2
  python3-keystone                2:29.0.0-0ubuntu1.2

Ubuntu 25.10
  keystone                        2:28.0.0-0ubuntu1.3
  keystone-common                 2:28.0.0-0ubuntu1.3
  keystone-doc                    2:28.0.0-0ubuntu1.3
  python3-keystone                2:28.0.0-0ubuntu1.3

Ubuntu 24.04 LTS
  keystone                        2:25.0.0-0ubuntu1.4
  keystone-common                 2:25.0.0-0ubuntu1.4
  keystone-doc                    2:25.0.0-0ubuntu1.4
  python3-keystone                2:25.0.0-0ubuntu1.4

Ubuntu 22.04 LTS
  keystone                        2:21.0.1-0ubuntu2.4
  keystone-common                 2:21.0.1-0ubuntu2.4
  keystone-doc                    2:21.0.1-0ubuntu2.4
  python3-keystone                2:21.0.1-0ubuntu2.4

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8433-1

CVE-2026-33551, CVE-2026-40683, CVE-2026-42998, CVE-2026-42999,
CVE-2026-43000, CVE-2026-43001, CVE-2026-44394

Severity
critical

Ubuntu Security Notice USN-8433-1
