vulnerability
Ubuntu: USN-8008-1 (CVE-2026-22797): Keystone Middleware vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:P) | Jan 19, 2026 | Feb 4, 2026 | Feb 5, 2026 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:P)
Published
Jan 19, 2026
Added
Feb 4, 2026
Modified
Feb 5, 2026
Description
Grzegorz Grasza discovered that the Keystone Middleware incorrectly
sanitized authentication headers before processing OAuth 2.0 tokens. An
attacker could possibly use this issue to escalate privileges or
impersonate other users.
Solution
ubuntu-upgrade-python3-keystonemiddleware
References
- CVE-2026-22797
- https://attackerkb.com/topics/CVE-2026-22797
- CWE-290
- UBUNTU-USN-8008-1
- URL-https://security.openstack.org/ossa/OSSA-2026-001.html
- URL-https://ubuntu.com/security/notices/USN-8008-1
- URL-https://www.cve.org/CVERecord?id=CVE-2026-22797
- URL-https://www.openwall.com/lists/oss-security/2026/01/15/1
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.