Packages
- keystone - OpenStack identity service
Details
It was discovered that OpenStack Keystone allowed restricted application
credentials to create EC2 credentials. An authenticated attacker with only
a reader role could possibly use this issue to bypass the role restrictions
imposed on the application credential. (CVE-2026-33551)
It was discovered that the OpenStack Keystone LDAP identity backend did
not correctly convert the user enabled attribute to a boolean value.
An attacker could possibly use this issue to authenticate as a user disabled
in LDAP. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS,
and Ubuntu 25.10. (CVE-2026-40683)
It was discovered that OpenStack Keystone's application credential
authentication plugin did not verify that the user supplied in an
authentication request matched the credential owner. An authenticated
attacker could possibly impersonate another user and gain access to their
tokens and credentials. (CVE-2026-42998)
It was discovered that OpenStack Keystone's RBAC policy enforcer
unconditionally merged the raw JSON request body into the policy enforcement
dictionary, overwriting trusted target data. An authenticated attacker could
possibly use this issue to inject arbitrary policy attributes to bypass RBAC
checks. (CVE-2026-42999)
It was discovered that OpenStack Keystone allowed an attacker with the member
role to escalate privileges to admin by chaining application credential
impersonation with Keystone trusts. An attacker could possibly use this
issue to create a persistent trust delegating the victim's admin role to
themselves. (CVE-2026-43000)
It was discovered that OpenStack Keystone did not validate that the project_id
for an EC2 credential matched the project of the authenticating application
credential. An attacker with valid credentials for one project could possibly
use this issue to create EC2 credentials targeting a different project.
(CVE-2026-43001)
It was discovered that OpenStack Keystone's federated token rescoping mechanism
did not propagate the original token's expiry to the newly issued token. A
remote attacker could possibly use this issue to maintain access indefinitely by
repeatedly rescoping tokens before expiry. (CVE-2026-44394)
Update instructions
In general, a standard system update will make all the necessary changes.
The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Packages | Package Version |
|---|---|---|
| 26.04 LTS (resolute) | keystone, keystone-common, keystone-doc, python3-keystone | 2:29.0.0-0ubuntu1.2 |
| 25.10 (questing) | keystone, keystone-common, keystone-doc, python3-keystone | 2:28.0.0-0ubuntu1.3 |
| 24.04 LTS (noble) | keystone, keystone-common, keystone-doc, python3-keystone | 2:25.0.0-0ubuntu1.4 |
| 22.04 LTS (jammy) | keystone, keystone-common, keystone-doc, python3-keystone | 2:21.0.1-0ubuntu2.4 |