PT-2026-36306 · Openstack · Openstack Keystone

Tim Shephard · Published 2026-05-01 · Updated 2026-05-01 · CVE-2026-43001

CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenStack Keystone versions 13 through 29

Description: The 'POST /v3/credentials' endpoint fails to validate that the project id supplied by the caller for an EC2-type credential matches the project of the authenticating application credential. An attacker holding an unrestricted application credential for one project can therefore create an EC2 credential that targets a different project. A subsequent exchange via '/v3/ec2tokens' then issues a Keystone token scoped to the target project while retaining the original application credential id, enabling cross-project lateral movement within the role footprint of the credential owner.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
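The advisory's root cause is a missing binding check: the project id in the request body is trusted instead of being compared against the project the authenticating application credential is scoped to. The example below is an added illustration and is not Keystone's own code; it uses a simplified, hypothetical auth context and credential model (AuthContext, Credential, create_credential_unchecked, create_credential_checked are all assumptions) to show the unchecked handler shape beside a hardened one that refuses EC2-type credentials whose project differs from the application credential's project.

```python
"""Added illustration of the missing authorization check described above.

Hypothetical, simplified model: not Keystone code, and no claim is made about
Keystone's internal function or attribute names.
"""
from dataclasses import dataclass, field
from typing import Optional


class Forbidden(Exception):
    """Raised when a request fails the project-binding check."""


@dataclass
class AuthContext:
    """Constructed stand-in for the auth context of one HTTP request.

    app_cred_project_id is the project the application credential that
    authenticated the request is scoped to; None means the request was not
    authenticated with an application credential.
    """
    user_id: str
    app_cred_project_id: Optional[str] = None


@dataclass
class Credential:
    """Constructed stand-in for a stored credential record."""
    user_id: str
    project_id: str
    type: str
    blob: dict = field(default_factory=dict)


def create_credential_unchecked(ctx: AuthContext, body: dict) -> Credential:
    """Unchecked shape: the caller-supplied project_id is stored as-is.

    An application credential scoped to project A can thus mint an EC2-type
    credential whose project_id is project B, which is the flaw the advisory
    describes.
    """
    cred = body["credential"]
    return Credential(
        user_id=ctx.user_id,
        project_id=cred["project_id"],
        type=cred["type"],
        blob=cred.get("blob", {}),
    )


def create_credential_checked(ctx: AuthContext, body: dict) -> Credential:
    """Hardened shape: for EC2-type credentials created under an application
    credential, the requested project_id must equal the project that
    application credential is scoped to; otherwise the request is refused.
    """
    cred = body["credential"]
    requested_project = cred["project_id"]
    if cred["type"] == "ec2" and ctx.app_cred_project_id is not None:
        if requested_project != ctx.app_cred_project_id:
            raise Forbidden(
                "EC2 credential project %s does not match project %s of the "
                "authenticating application credential"
                % (requested_project, ctx.app_cred_project_id)
            )
    return Credential(
        user_id=ctx.user_id,
        project_id=requested_project,
        type=cred["type"],
        blob=cred.get("blob", {}),
    )


def rejects_cross_project(ctx: AuthContext, body: dict) -> bool:
    """Return True when the hardened handler refuses the request."""
    try:
        create_credential_checked(ctx, body)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample: app cred scoped to project-a asks for project-b.
    ctx = AuthContext(user_id="user-1", app_cred_project_id="project-a")
    cross = {"credential": {"type": "ec2", "project_id": "project-b"}}
    print("unchecked stores:", create_credential_unchecked(ctx, cross).project_id)
    print("checked rejects:", rejects_cross_project(ctx, cross))
```

The check is deliberately keyed on both the credential type and the presence of an application credential in the context, so that requests authenticated by a regular user token are left to the existing policy layer and only the cross-project EC2 case the advisory describes is refused.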

Exploit · DoS

Weakness Enumeration: Incorrect Authorization

Related Identifiers: CVE-2026-43001, GHSA-HHQ2-3832-XXCV

Affected Products: OpenStack Keystone