CVE-2026-42999: OpenStack Keystone RBAC Bypass via JSON Request Body Injection
OpenStack Keystone contains a critical authorization bypass vulnerability that allows any authenticated user to escalate their privileges and access resources belonging to other users or projects. The vulnerability stems from a flaw in how Keystone processes policy enforcement—it blindly merges user-supplied JSON request data into the authorization check dictionary, overwriting the trusted database-sourced security context. This means an attacker can simply inject fake user IDs or project IDs into their API request to trick the system into granting them permissions they shouldn't have. The issue affects all versions before 29.0.2 and has existed since Rocky (14.0.0).
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 6.0 MEDIUM · CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
- Weaknesses (CWE)
- CWE-639, CWE-863
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-05-28 / 2026-06-30
NVD description (verbatim)
An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforce_call unconditionally merges the raw JSON request body into the policy enforcement dictionary via policy_dict.update(json_input.copy()), overwriting trusted target data that was previously set from database lookups. Because flask.request.get_json is called with force=True, this works regardless of Content-Type or HTTP method. Any authenticated user can inject arbitrary policy target attributes (e.g., user_id, project_id) into the request body to bypass RBAC checks and perform unauthorized operations on resources belonging to other users or projects. This was introduced in commit 5ea59f52 (Rocky/14.0.0).
5 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
The Keystone policy enforcer in the enforce_call function performs an unconditional update of its policy enforcement dictionary with the parsed JSON request body: policy_dict.update(json_input.copy()). Because flask.request.get_json is invoked with force=True, this parsing bypasses HTTP method and Content-Type validation, allowing arbitrary JSON to be interpreted as policy input. An authenticated attacker can inject attributes such as user_id, project_id, or role identifiers that shadow the legitimate values set from database queries during request initialization. The RBAC evaluation then operates against the contaminated dictionary, applying policy rules to attacker-controlled target attributes rather than the actual resource being accessed. This design flaw was introduced in commit 5ea59f52 during the Rocky release cycle.
Business impact
This vulnerability enables lateral movement and privilege escalation within multi-tenant OpenStack deployments. An authenticated user in one project can perform administrative or read operations on resources owned by other users or projects—creating, modifying, or deleting instances, snapshots, volumes, or credentials belonging to competitors or other business units. In regulated environments, this may trigger compliance violations (data exposure, unauthorized modification records) and breach notification obligations. The blast radius depends on Keystone's role in the organization's identity federation; if it is the central identity provider for multiple OpenStack regions or integrated with other services via token validation, the compromise extends across the entire infrastructure ecosystem.
Affected systems
OpenStack Keystone versions before 29.0.2 are affected. The vulnerability was introduced in Rocky (14.0.0) and persists through all subsequent releases. Deployments running Stein, Train, Ussuri, Victoria, Wallaby, Xena, Yoga, Zed, Antelope, and Bobcat are vulnerable. Any Keystone instance that serves authenticated requests and enforces RBAC policies is at risk if not patched.
Exploitability
Exploitability requires authentication—an attacker must possess valid Keystone credentials. The attack surface is the standard Keystone API endpoints that perform resource operations (instance creation, volume management, user provisioning, etc.). The exploit itself is trivial: append or modify JSON fields in the request body to override policy target attributes. No special tooling is required; standard REST clients suffice. The CVSS score of 6.0 (MEDIUM) reflects the authentication requirement and the complexity introduced by the AC:H rating, but the practical impact in multi-tenant environments is substantial. The vulnerability is not currently tracked in the CISA Known Exploited Vulnerabilities catalog, but the simplicity of the attack vector suggests active reconnaissance and exploitation are likely once awareness spreads.
Remediation
Upgrade Keystone to version 29.0.2 or later. The patch corrects the policy enforcer to preserve trusted target attributes from database lookups and to reject or sanitize user-supplied overrides. Organizations unable to patch immediately should implement network-level mitigations: restrict Keystone API access to trusted networks, enforce strict input validation on JSON payloads at a reverse proxy layer (rejecting requests that include policy-sensitive fields like user_id or project_id in the body), and conduct access control audits to detect lateral movement.
Patch guidance
Apply the vendor patch by upgrading to Keystone 29.0.2 or later. Verify the patch against the official OpenStack release notes and security advisories to confirm the specific commit and version alignment for your deployment model (packaged or source-based). Test the upgrade in a staging environment to validate compatibility with downstream services and policy configurations. After patching, review and re-validate RBAC policies to ensure they are functioning as intended; monitor audit logs for suspicious cross-project access patterns during the transition period.
Detection guidance
Search audit logs for API requests that succeeded despite mismatches between the authenticated user context and the resource owner indicated in the request or response. Specifically, flag instances where a Keystone policy enforcement log shows a user_id or project_id in the request body that differs from the authenticated token. Monitor for rapid successive API calls from a single user targeting resources in different projects or owned by different users. Implement runtime detection by instrumenting the enforce_call function to log all policy_dict entries and flag cases where user-supplied JSON overwrites database-derived target attributes. Cross-correlate Keystone audit logs with downstream service logs (Nova, Cinder, etc.) to identify unauthorized resource modifications.
Why prioritize this
Although the CVSS base score is 6.0 (MEDIUM), the practical severity is elevated for multi-tenant deployments. The attack requires only valid credentials and is easily executable, making it an attractive vector for disgruntled insiders or compromised low-privilege accounts. In shared infrastructure or managed service environments, this vulnerability directly undermines tenant isolation. The long presence in the codebase (since Rocky) increases the likelihood of prior unknown exploitation. Prioritize patching based on your deployment's multi-tenancy profile: single-tenant or tightly controlled environments can tolerate a delayed patch window, while large shared clouds should treat this as urgent.
Risk score, explained
The CVSS 3.1 score of 6.0 reflects: Network accessibility (AV:N), High attack complexity (AC:H, due to the need for valid credentials and JSON parsing), Low privilege required (PR:L), no user interaction, and Scope Changed (S:C) to other system components. The impact is Low across confidentiality, integrity, and availability per the vector, but this understates real-world risk in multi-tenant contexts where lateral movement and data exfiltration can have high business impact. The score should inform prioritization alongside organizational context and deployment topology.
Frequently asked questions
Can an unauthenticated attacker exploit this vulnerability?
No. The vulnerability requires valid Keystone credentials. An attacker must be able to authenticate to the Keystone API. However, any authenticated user—even with minimal permissions—can craft a malicious request to escalate privileges or access other users' resources.
Does patching require downtime?
Patching typically requires a Keystone service restart or rolling restart in a clustered deployment, which may result in brief API unavailability. Plan the upgrade during a maintenance window and coordinate with downstream services and users. Test the procedure in a staging environment first.
How do I know if my Keystone instance has been compromised?
Review audit logs for cross-project API calls, unusual resource ownership changes, and requests with mismatched user contexts. Compare Keystone logs with Nova, Cinder, and other service logs to identify unauthorized operations. If you suspect compromise, enable debug logging, analyze policy enforcement decisions, and audit all recent user API calls.
What is the difference between this vulnerability and other Keystone RBAC issues?
This vulnerability is unique because it corrupts the policy enforcement context by allowing request-body data to overwrite trusted database-derived attributes. Other RBAC issues typically involve policy misconfiguration or logic errors. This flaw is a design-level input validation failure in the policy enforcement layer itself.
This analysis is based on the official CVE record and vendor advisories as of the publication date. Security contexts and risk assessments are informed by general multi-tenant infrastructure knowledge and should be tailored to your specific deployment topology, policy configuration, and threat model. Always consult the official OpenStack security advisories and vendor documentation for authoritative patch information and compatibility guidance. SEC.co does not provide exploit code or weaponized attack procedures. If you believe you have been compromised, contact your security team or OpenStack support immediately. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-42998MEDIUMOpenStack Keystone Application Credential Authentication Bypass
- CVE-2026-43000MEDIUMOpenStack Keystone Privilege Escalation via Application Credential Impersonation
- CVE-2026-44394MEDIUMOpenStack Keystone Federated Token Rescoping Bypass – MEDIUM Severity
- CVE-2026-10154MEDIUMDolibarr ERP CRM Authorization Bypass in Messaging Module
- CVE-2026-10211MEDIUMAstrBot 4.23.6 Path Normalization Authorization Bypass
- CVE-2026-10212MEDIUMAstrBot 4.24.2 Authorization Bypass via Session ID Manipulation
- CVE-2026-10597MEDIUMOMICARD EDM Unauthenticated Email Disclosure Vulnerability
- CVE-2026-10616MEDIUMAuthorization Bypass in nextlevelbuilder GoClaw Task Completion