Main Vulnerability Database SB2026040848

SB2026040848 - Privilege escalation in OpenStack Keystone

Published: April 8, 2026

Security Bulletin ID SB2026040848

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper access control (CVE-ID: CVE-2026-33551)

The vulnerability allows a remote user to bypass application credential restrictions and obtain broader S3 permissions.

The vulnerability exists due to improper access control in the EC2 credential creation endpoint when handling requests to create EC2 credentials with a restricted application credential. A remote user can call the EC2 credential creation API to bypass application credential restrictions and obtain broader S3 permissions.

Only deployments that use restricted application credentials together with the EC2/S3 compatibility API (swift3 / s3api) are affected.

Remediation

Install update from vendor's website.

SB2026040848 - Privilege escalation in OpenStack Keystone

Breakdown by Severity

Description

Remediation

References

Please verify you're human