Explore top 10 tips to secure your open-source projects now. Read More
×Several security issues were fixed in OpenStack Keystone.. ========================================================================== Ubuntu Security Notice USN-8433-1 June 16, 2026 keystone vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in OpenStack Keystone. Software Description: - keystone: OpenStack identity service Details: It was discovered that OpenStack Keystone allowed restricted application credentials to create EC2 credentials. An authenticated attacker with only a reader role could possibly use this issue to bypass the role restrictions imposed on the application credential. (CVE-2026-33551) It was discovered that the OpenStack Keystone LDAP identity backend did not correctly convert the user enabled attribute to a boolean value. An attacker could possibly use this issue to authenticate as a user disabled in LDAP. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-40683) It was discovered that OpenStack Keystone's application credential authentication plugin did not verify that the user supplied in an authentication request matched the credential owner. An authenticated attacker could possibly impersonate another user and gain access to their tokens and credentials. (CVE-2026-42998) It was discovered that OpenStack Keystone's RBAC policy enforcer unconditionally merged the raw JSON request body into the policy enforcement dictionary, overwriting trusted target data. An authenticated attacker could possibly use this issue to inject arbitrary policy attributes to bypass RBAC checks. (CVE-2026-42999) It was discovered that OpenStack Keystone allowed an attacker with the member role to escalate privileges to admin by chaining application credential impersonation with Keystone trusts. An attacker could possibly use this issueto create a persistent trust delegating the victim's admin role to themselves. (CVE-2026-43000) It was discovered that OpenStack Keystone did not validate that the project_id for an EC2 credential matched the project of the authenticating application credential. An attacker with valid credentials for one project could possibly use this issue to create EC2 credentials targeting a different project. (CVE-2026-43001) It was discovered that OpenStack Keystone's federated token rescoping mechanism did not propagate the original token's expiry to the newly issued token. A remote attacker could possibly use this issue to maintain access indefinitely by repeatedly rescoping tokens before expiry. (CVE-2026-44394) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS keystone 2:29.0.0-0ubuntu1.2 keystone-common 2:29.0.0-0ubuntu1.2 keystone-doc 2:29.0.0-0ubuntu1.2 python3-keystone 2:29.0.0-0ubuntu1.2 Ubuntu 25.10 keystone 2:28.0.0-0ubuntu1.3 keystone-common 2:28.0.0-0ubuntu1.3 keystone-doc 2:28.0.0-0ubuntu1.3 python3-keystone 2:28.0.0-0ubuntu1.3 Ubuntu 24.04 LTS keystone 2:25.0.0-0ubuntu1.4 keystone-common 2:25.0.0-0ubuntu1.4 keystone-doc 2:25.0.0-0ubuntu1.4 python3-keystone 2:25.0.0-0ubuntu1.4 Ubuntu 22.04 LTS keystone 2:21.0.1-0ubuntu2.4 keystone-common 2:21.0.1-0ubuntu2.4 keystone-doc 2:21.0.1-0ubuntu2.4 python3-keystone 2:21.0.1-0ubuntu2.4 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8433-1 CVE-2026-33551, CVE-2026-40683, CVE-2026-42998, CVE-2026-42999, CVE-2026-43000, CVE-2026-43001, CVE-2026-44394 Package Information: https://launchpad.net/ubuntu/+source/keystone/2:29.0.0-0ubuntu1.2 https://launchpad.net/ubuntu/+source/keystone/2:28.0.0-0ubuntu1.3 https://launchpad.net/ubuntu/+source/keystone/2:25.0.0-0ubuntu1.4 https://launchpad.net/ubuntu/+source/keystone/2:21.0.1-0ubuntu2.4 . Several serious security issues were addressed in OpenStack Keystone affecting multiple Ubuntu versions. Immediate updates are necessary.. OpenStack Keystone security update, Ubuntu identity service vulnerabilities, authentication privilege escalation. . Severity: Critical. LinuxSecurity.com Team
Two security vulnerabilities have been discovered in Cyborg, the OpenStack component for management of hardware accelerators, which could result in incomplete access controls. For the stable distribution (trixie), these problems have been fixed in version 14.0.0-3+deb13u1.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6315-1
A vulnerability was discovered in the ec2tokens and s3tokens APIs of Keystone, the OpenStack identity service, which may result in authorisation bypass or privilege escalation if /v3/ec2tokens or /v3/s3tokens are reachable by unauthenticated clients. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6056-1
OpenStack Keystone could allow unintended access to network services.. ========================================================================== Ubuntu Security Notice USN-7857-1 November 04, 2025 keystone vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 25.04 - Ubuntu 24.04 LTS Summary: OpenStack Keystone could allow unintended access to network services. Software Description: - keystone: OpenStack identity service Details: Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 keystone 2:28.0.0-0ubuntu1.1 python3-keystone 2:28.0.0-0ubuntu1.1 Ubuntu 25.04 keystone 2:27.0.0-0ubuntu1.1 python3-keystone 2:27.0.0-0ubuntu1.1 Ubuntu 24.04 LTS keystone 2:25.0.0-0ubuntu1.1 python3-keystone 2:25.0.0-0ubuntu1.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7857-1 Package Information: https://launchpad.net/ubuntu/+source/keystone/2:28.0.0-0ubuntu1.1 . OpenStack Keystone vulnerability allows unauthorized access to network services. Update required for Ubuntu systems.. OpenStack Keystone, Ubuntu Security Notice, keystone access issue, Ubuntu vulnerability. . Severity: Critical. LinuxSecurity.com Team
Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3873-1
Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3872-1
python-oslo.utils, a set of utilities used by OpenStack, was updated as a requirement to fix CVE-2024-32498 in the cinder, glance and nova OpenStack components. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3870-1
Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5756-1
Get the latest Linux and open source security news straight to your inbox.