OpenStack Keystone RBAC Policy Bypass Vulnerability
CVE-2026-42999


Key Information:

Vendor: OpenStack
Status: Vendor
CVE Published: 28 May 2026

What is CVE-2026-42999?

A vulnerability in OpenStack Keystone allows authenticated users to manipulate policy target attributes through the request body and thereby bypass Role-Based Access Control (RBAC) checks. The issue occurs because the Keystone RBAC policy enforcer unconditionally merges the raw JSON request data into the policy target, so user-supplied values can overwrite the trusted target attributes the service itself looked up. As a result, a malicious user can perform unauthorized actions on resources belonging to other users or projects. This vulnerability was introduced in commit 5ea59f52 and affects all versions before 29.0.2.
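The following Python is an added illustration of the merge pattern the advisory describes, not Keystone's own enforcer code: the rule, function names and sample data are constructed, and the "hardened" builder shows one way to keep service-derived target attributes from being shadowed by request-body keys.

```python
# Illustrative model of the policy-target merge defect described above.
# Added example, not Keystone code: every name and value here is constructed.


def enforce_owner_rule(credentials: dict, target: dict) -> bool:
    """Toy RBAC rule: the caller may act on the resource only if the
    resource belongs to the caller's own project."""
    return target.get("project_id") == credentials.get("project_id")


def build_target_unconditional_merge(trusted: dict, body: dict) -> dict:
    """Vulnerable pattern: the raw request body is merged over the trusted
    target, so any key the caller sends overwrites what the service looked up."""
    target = dict(trusted)
    target.update(body)  # caller-controlled keys win
    return target


def build_target_hardened(trusted: dict, body: dict) -> dict:
    """Hardened pattern: trusted attributes are written last so they always
    win, and the body is kept under its own key so rules can reference it
    explicitly without it shadowing service-derived attributes."""
    return {"request_body": dict(body), **trusted}


def is_authorized(build_target, credentials: dict, trusted: dict, body: dict) -> bool:
    return enforce_owner_rule(credentials, build_target(trusted, body))


# Constructed sample: a caller from project-a acts on a resource that the
# service resolved as belonging to project-b, sending a body that claims
# the resource is project-a's.
CALLER = {"user_id": "user-a", "project_id": "project-a"}
RESOURCE_FROM_SERVICE = {"resource_id": "r-1", "project_id": "project-b"}
BODY_WITH_OVERRIDE = {"name": "renamed", "project_id": "project-a"}
BODY_PLAIN = {"name": "renamed"}


def demo() -> dict:
    """Regression-style check: only the vulnerable merge with an overriding
    body authorizes the cross-project action."""
    cases = {
        "vulnerable_override": (build_target_unconditional_merge, BODY_WITH_OVERRIDE),
        "vulnerable_plain": (build_target_unconditional_merge, BODY_PLAIN),
        "hardened_override": (build_target_hardened, BODY_WITH_OVERRIDE),
        "hardened_plain": (build_target_hardened, BODY_PLAIN),
    }
    return {name: is_authorized(b, CALLER, RESOURCE_FROM_SERVICE, body)
            for name, (b, body) in cases.items()}
```

Running `demo()` shows the bypass only for the unconditional merge with an overriding body; the hardened builder denies all four cross-project cases.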

Affected Version(s)

Keystone 14.0.0 < 27.0.2

Keystone 28.0.0 < 28.0.2

Keystone 29.0.0 < 29.0.2

CVSS V3.1

Score: 6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
