CVE-2026-33551

MEDIUM EPSS 12.4%
Published Apr 10, 20262mo ago · Modified Jun 17, 20261w ago
5.3 CVSS 3.1
Medium
Find Similar
Published Apr 10, 2026 2mo ago
Last Modified Jun 17, 2026 1w ago

Description

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role may obtain an EC2/S3 credential that carries the full set of the parent user's S3 permissions, effectively bypassing the role restrictions imposed on the application credential. Only deployments that use restricted application credentials in combination with the EC2/S3 compatibility API (swift3 / s3api) are affected.

CVSS Details

Base Score
5.3
Exploitability
1.6
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector Network
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
12.4% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-863 Incorrect Authorization Authorization

Affected Products 4

VendorProductVersionRange
openstackkeystone*≥14.0.0  –  <26.1.1
openstackkeystone27.0.0any
openstackkeystone28.0.0any
openstackkeystone29.0.0any

References 3

  • openwall.com http://www.openwall.com/lists/oss-security/2026/04/07/12
    Mailing ListPatchThird Party Advisory
  • bugs.launchpad.net https://bugs.launchpad.net/keystone/+bug/2142138
    ExploitIssue Tracking
  • security.openstack.org https://security.openstack.org/ossa/OSSA-2026-005.html
    PatchVendor Advisory

Remediation

  • openwall.com http://www.openwall.com/lists/oss-security/2026/04/07/12
    Mailing ListPatchThird Party Advisory
  • security.openstack.org https://security.openstack.org/ossa/OSSA-2026-005.html
    PatchVendor Advisory