CVE-2026-33551
lowCVSS v3 Base Score
3.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 92% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Confidentiality
None
Integrity
Low
Availability
None
Vulnerability Report
Generated by CyberWatcher
Description
A flaw was found in OpenStack Keystone. An authenticated user with a reader role can exploit a vulnerability in the EC2 credential creation endpoint. By using a restricted application credential to call the EC2 credential creation API, the user may obtain EC2/S3 credentials that carry the full set of the parent user's S3 permissions. This effectively bypasses the role restrictions imposed on the application credential, leading to unauthorized access and privilege escalation. This issue affects deployments that use restricted application credentials in combination with the EC2/S3 compatibility API.
CWE
CWE-266Affected Products
Red Hat OpenStack Platform 13 (Queens)Red Hat OpenStack Platform 16.2Red Hat OpenStack Platform 17.1Red Hat OpenStack Platform 18.0