Privilege Escalation Vulnerability in OpenStack Keystone by Vendor OpenStack
CVE-2026-43000

6MEDIUM

Key Information:

Vendor: Openstack
Status: Keystone
Vendor: CVE Published:; 28 May 2026

What is CVE-2026-43000?

A vulnerability identified in OpenStack Keystone allows attackers with member roles to escalate privileges to administrator roles. By leveraging unrestricted application credentials alongside Keystone trust mechanisms, an attacker can manipulate victim tokens, gaining unauthorized access to admin functionalities. This process enables the creation of persistent trusts that can grant the attacker ongoing administrative access, which is auditable under the victim's identity. This vulnerability particularly poses risks in multitenant environments, where trust and role delegation are critical for maintaining security.

Affected Version(s)

Keystone 14.0.0 < 27.0.2

Keystone 28.0.0 < 28.0.2

Keystone 29.0.0 < 29.0.2

References

https://bugs.launchpad.net/keystone/+bug/2148477

https://security.openstack.org/ossa/OSSA-2026-015.html

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43000 Data

JSON

Openstack

What is CVE-2026-43000?

Affected Version(s)

References

CVSS V3.1

Timeline