CVE-2026-43001
highCVSS v3 Base Score
8.0
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.0%
Exploitation probability in 30 days
Top 98% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Confidentiality
High
Integrity
High
Availability
High
Vulnerability Report
Generated by CyberWatcher
Description
A flaw was found in OpenStack Keystone. An attacker holding an unrestricted application credential could exploit a vulnerability in the POST /v3/credentials endpoint where the caller-supplied project_id for an EC2-type credential was not validated against the project of the authenticating application credential. This allows the attacker to create an EC2 credential targeting a different project. Subsequently, a /v3/ec2tokens exchange would issue a Keystone token scoped to the targeted project, enabling unauthorized cross-project access and lateral movement within the credential owner's role footprint.
CWE
CWE-1288Affected Products
Red Hat OpenStack Platform 13 (Queens)Red Hat OpenStack Platform 16.2Red Hat OpenStack Platform 17.1Red Hat OpenStack Platform 18.0