CVE-2026-22797

Name of the Vulnerable Software and Affected Versions OpenStack (affected versions not specified)

Description An issue exists in OpenStack’s keystonemiddleware component that could allow for privilege escalation or impersonation. An authenticated attacker may be able to elevate their privileges or assume the identity of another user by forging identity headers, such as X-Is-Admin-Project, X-Roles, or X-User-Id, within external OAuth2 tokens. The issue allows users to ‘ask’ for root access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.