Erichen

Researcher fromInstitute of Computing Technology, Chinese Academy of Sciences
#11918of 53,622
23Total CVSS
Vulnerabilities · 4
Medium
3
High
1
PT-2026-44466
8.1
2026-05-28
Openstack · Openstack Keystone · CVE-2026-44394
**Name of the Vulnerable Software and Affected Versions** OpenStack Keystone versions prior to 29.0.2 **Description** The federated token rescoping mechanism fails to propagate the original token's expiry to the newly issued token. When a federated user rescopes a token through the 'POST /v3/auth/tokens' endpoint, the `handle scoped token()` function in the mapped authentication plugin returns response data lacking an `expires at` value. Consequently, the token provider issues a token with a fresh default Time To Live (TTL). This allows users to maintain indefinite access by repeatedly rescoping tokens before they expire, bypassing configured token lifetime policies. This issue only affects deployments utilizing federated identity, such as SAML2 or OpenID Connect. **Recommendations** Update to version 29.0.2 or later.
PT-2026-40843
4.3
2026-05-14
Openstack · Openstack Ironic · CVE-2026-44919
**Name of the Vulnerable Software and Affected Versions** OpenStack Ironic versions prior to a3f6d73 **Description** An infinite loop can occur during image handling when checksum calculations are performed using the 'file:///dev/zero' URL. **Recommendations** Update to version a3f6d73 or later.
PT-2026-40906
5.3
2026-05-14
Apache · Apache Commons · CVE-2026-45205
**Name of the Vulnerable Software and Affected Versions** Apache Commons versions 2.2 through 2.14.x **Description** An uncontrolled recursion issue exists when processing untrusted configuration files. Specifically, the software throws a StackOverflowError—a runtime error that occurs when the call stack exceeds its allocated memory—when handling YAML input containing cycles. **Recommendations** Upgrade to version 2.15.0.
PT-2026-37090
5.3
2026-05-05
Openstack · Openstack Horizon · CVE-2026-43002
**Name of the Vulnerable Software and Affected Versions** OpenStack Horizon versions 25.6 through 25.7.2 OpenStack Horizon versions 25.7 through 25.7.2 **Description** A write operation occurs in the session storage backend before authentication, allowing unauthenticated requests to exhaust the storage. Specifically, the login view stores a post-login redirect URL in the server-side session before the user is authenticated, which can be exploited to cause a session flood. **Recommendations** Update to version 25.7.3.