CVE-2026-43000
Privilege Escalation in OpenStack Keystone via Trust Abuse
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openstack | keystone | all versions before 29.0.2 (29.0.2 not affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in OpenStack Keystone versions before 29.0.2. It involves an attacker who has a member role on a project exploiting an application credential impersonation flaw combined with Keystone trusts to escalate their privileges to admin.
The attacker impersonates a victim's token, which carries the victim's identity and passes the trustor validation check. Keystone then validates delegated roles against the victim's actual role assignments in the database rather than the roles on the attacker's token.
This allows the attacker to create a trust that delegates the victim's admin role to themselves. The trust persists independently, enabling the attacker to maintain access by creating additional trusts and application credentials. All malicious actions are logged under the victim's identity.
How can this vulnerability impact me?
This vulnerability can allow an attacker with limited privileges (member role) to escalate their access to admin level within OpenStack Keystone.
Such privilege escalation can lead to unauthorized administrative control over the system, potentially allowing the attacker to manipulate resources, access sensitive data, or disrupt services.
Additionally, because the attacker's actions are logged under the victim's identity, detection and attribution of the malicious activity become more difficult.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows an attacker to escalate privileges to admin by impersonating another user's identity through application credentials and Keystone trusts. Although all actions are logged under the victim's identity, the unauthorized privilege escalation and potential unauthorized access to sensitive data could lead to violations of compliance requirements such as GDPR and HIPAA, which mandate strict access controls and protection of personal and sensitive information.
The persistence of trusts and the ability to maintain elevated access independently increase the risk of prolonged unauthorized access, which can further impact compliance by undermining data integrity and confidentiality controls required by these regulations.