CVE-2026-40683
mediumCVSS v3 Base Score
7.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
EPSS Score
0.0%
Exploitation probability in 30 days
Top 94% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Confidentiality
Low
Integrity
Low
Availability
High
Published: April 14, 2026 (86 days ago)
Last Modified: April 14, 2026
Vendor: Red Hat
Source: REDHAT
Vulnerability Report
Generated by CyberWatcher
Description
A flaw was found in OpenStack Keystone. When using the LDAP identity backend, the system incorrectly processes the user enabled attribute if the user_enabled_invert configuration option is set to False. This error causes users marked as disabled in LDAP to be treated as enabled within Keystone, allowing them to authenticate and perform actions despite their disabled status. This can lead to unauthorized access to resources.
CWE
CWE-843Affected Products
Red Hat OpenStack Platform 13 (Queens)Red Hat OpenStack Platform 16.2Red Hat OpenStack Platform 17.1Red Hat OpenStack Platform 18.0