PT-2026-44464 · Openstack · Keystone

Boris Bobrov · Published 2026-05-28 · Updated 2026-06-16

CVE-2026-42999
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenStack Keystone versions 14.0.0 through 29.0.1

Description: The RBAC policy enforcer in the enforce_call() function unconditionally merges the raw JSON request body into the policy enforcement dictionary using policy_dict.update(json_input.copy()). This overwrites the trusted target data previously retrieved from database lookups. Because flask.request.get_json is called with force=True, the merge happens regardless of the HTTP method or Content-Type. Consequently, an authenticated user can inject arbitrary policy target attributes, such as user_id or project_id, into the request body to bypass Role-Based Access Control (RBAC) checks and perform unauthorized operations on resources belonging to other users or projects.

Recommendations: Update to version 29.0.2.
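The merge order described above, modelled in a simplified enforcer so the failure and a mitigation can be checked side by side. This is an added example, not Keystone's code or the upstream 29.0.2 patch: the owner-only rule, the fake database, and the function names (build_policy_dict_vulnerable, build_policy_dict_hardened, enforce) are assumptions, and the hardened variant is one plausible fix (target attributes only ever come from trusted lookups), not the one shipped upstream.

```python
from typing import Dict

# Constructed sample "database": user bob in the default domain (not real data).
FAKE_DB = {"bob": {"target.user.id": "bob", "target.user.domain_id": "default"}}


def lookup_target_from_db(user_id: str) -> Dict[str, str]:
    """Stand-in for the trusted DB lookup the enforcer performs for the target."""
    return dict(FAKE_DB[user_id])


def owner_only_rule(credentials: Dict[str, str], policy_dict: Dict[str, str]) -> bool:
    """Simplified policy rule: a caller may act only on their own user record."""
    return credentials["user_id"] == policy_dict.get("target.user.id")


def build_policy_dict_vulnerable(db_target: Dict[str, str], json_input: Dict[str, str]) -> Dict[str, str]:
    """Mirrors the flaw: the raw JSON body is merged last, so any key in the
    body silently overwrites the trusted target data fetched from the DB."""
    policy_dict: Dict[str, str] = {}
    policy_dict.update(db_target)
    policy_dict.update(json_input.copy())  # body wins -> authorization bypass
    return policy_dict


def build_policy_dict_hardened(db_target: Dict[str, str], json_input: Dict[str, str]) -> Dict[str, str]:
    """Hypothetical mitigation (assumption, not the upstream fix): body values
    never replace trusted keys and may never populate the target.* namespace."""
    policy_dict: Dict[str, str] = {}
    policy_dict.update(db_target)
    for key, value in json_input.items():
        if key.startswith("target.") or key in policy_dict:
            continue  # target attributes only ever come from trusted lookups
        policy_dict[key] = value
    return policy_dict


def enforce(credentials: Dict[str, str], target_user_id: str,
            json_input: Dict[str, str], hardened: bool = False) -> bool:
    """Run the owner-only rule the way a simplified enforce_call() would."""
    db_target = lookup_target_from_db(target_user_id)
    builder = build_policy_dict_hardened if hardened else build_policy_dict_vulnerable
    return owner_only_rule(credentials, builder(db_target, json_input))


if __name__ == "__main__":
    alice = {"user_id": "alice"}
    # Constructed request: alice acts on bob's record with a body whose
    # target.user.id claims the record is hers (the injection the advisory describes).
    spoofed_body = {"target.user.id": "alice"}
    print("vulnerable:", enforce(alice, "bob", spoofed_body))                  # True (bypass)
    print("hardened:  ", enforce(alice, "bob", spoofed_body, hardened=True))   # False
    print("owner:     ", enforce({"user_id": "bob"}, "bob", {}, hardened=True))  # True
```

The same three calls serve as a regression check: the vulnerable builder authorizes the cross-user request, the hardened builder rejects it while still permitting the real owner.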

Tags: Fix · DoS · Incorrect Authorization


Related Identifiers

CVE-2026-42999
USN-8433-1

Affected Products

Keystone