CVE-2026-43000
Published: 2026-05-28
Priority: P3 · 53 · high; CVSS 3.1 base score: 8.8
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.33% (24.5th percentile)
An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token carries the victim's identity, which passes the trustor validation check. Keystone then validates the delegated roles against the victim's actual role assignments in the database, not the roles on the requesting token. This allows the attacker to create a trust delegating the victim's admin role to themselves. The trust persists independently, and additional trusts and application credentials can be created to maintain access. All actions are logged under the victim's identity.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome_chrome | — | — | — |
| openstack | keystone | >= 14.0.0 < 27.0.2 | 27.0.2 |
| openstack | keystone | >= 28.0.0 < 28.0.2 | 28.0.2 |
| openstack | keystone | >= 29.0.0 < 29.0.2 | 29.0.2 |
| rhoso | openstack-keystone-rhel9 | — | — |
| rhosp-rhel8 | openstack-keystone | — | — |
| rhosp-rhel9 | openstack-keystone | — | — |
| rhosp13 | openstack-keystone | — | — |
| ubuntu | keystone | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| cisa | 8.8 | HIGH | — |
| vendor_redhat | 8.8 | HIGH | — |
| vendor_ubuntu | 5.3 | MEDIUM | — |
Ubuntu
OpenStack Keystone vulnerabilities
vendor_ubuntu·2026-06-16·CVSS 5.3
CVE-2026-44394 [MEDIUM] OpenStack Keystone vulnerabilities
Title: OpenStack Keystone vulnerabilities
Summary: Several security issues were fixed in OpenStack Keystone.
It was discovered that OpenStack Keystone allowed restricted application
credentials to create EC2 credentials. An authenticated attacker with only
a reader role could possibly use this issue to bypass the role restrictions
imposed on the application credential. (CVE-2026-33551)
It was discovered that the OpenStack Keystone LDAP identity backend did
not correctly convert the user enabled attribute to a boolean value.
An attacker could possibly use this issue to authenticate as a user disabled
in LDAP. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS,
and Ubuntu 25.10. (CVE-2026-40683)
It was discovered that OpenStack Keystone's application credential
authentication pl
Chrome
Stable Channel Update for Desktop: CVE-2026-10881
vendor_chrome·2026-06-02
CVE-2026-10881 [CRITICAL] Stable Channel Update for Desktop: CVE-2026-10881
Stable Channel Update for Desktop
CVE-2026-10881: Out of bounds read and write in ANGLE. Reported by Anonymous on 2026-04-02
[$43000][503420443] Critical CVE-2026-10882: Use after free in Network. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-17
[$5000][503768143] Critical CVE-2026-10883: Out of bounds write in ANGLE
Severity: critical
Red Hat
keystone: OpenStack Keystone: Privilege escalation via chained application credential impersonation and trust misuse
vendor_redhat·2026-05-28·CVSS 8.8
CVE-2026-43000 [HIGH] CWE-266 keystone: OpenStack Keystone: Privilege escalation via chained application credential impersonation and trust misuse
keystone: OpenStack Keystone: Privilege escalation via chained application credential impersonation and trust misuse
A flaw was found in OpenStack Keystone. An attacker with a member role on a project can escalate their privileges to an administrator role. This is achieved by combining an application credential impersonation vulnerability with the misuse of Keystone trusts. The system incorrectly validates delegated roles against the victim's actual database roles instead of the requesting token, allowing the attacker to create a trust that grants them the victim's administrative privileges. This trust can then be used to maintain persistent access.
Statement: This IMPORTANT privilege escalation in Keystone allows project members to gain admin access by chaining application credential im
Chrome
Stable Channel Update for Desktop: CVE-2026-9872
vendor_chrome·2026-05-27
CVE-2026-9872 [CRITICAL] Stable Channel Update for Desktop: CVE-2026-9872
Stable Channel Update for Desktop
CVE-2026-9872: Out of bounds write in GPU. Reported by cinzinga on 2026-04-21
[$43000][507365348] Critical CVE-2026-9873: Use after free in Network. Reported by cinzinga on 2026-04-28
[$11000][500609038] Critical CVE-2026-9874: Use after free in Dawn
Severity: critical
Chrome
Stable Channel Update for Desktop: CVE-2026-5858
vendor_chrome·2026-04-07·CVSS 8.8
CVE-2026-5858 [CRITICAL] Stable Channel Update for Desktop: CVE-2026-5858
Stable Channel Update for Desktop
CVE-2026-5858: Heap buffer overflow in WebML. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-17
[$43000][494158331] Critical CVE-2026-5859: Integer overflow in WebML. Reported by Anonymous on 2026-03-19
[$11000][486495143] High CVE-2026-5860: Use after free in WebRTC
Severity: critical
CISA
Apple Multiple products Use-After-Free Vulnerability
cisa·2026-03-05·CVSS 8.8
CVE-2023-43000 [HIGH] CWE-416 Apple Multiple products Use-After-Free Vulnerability
Vulnerability: Apple Multiple products Use-After-Free Vulnerability
Affected: Apple Multiple Products
Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://support.apple.com/en-us/120324 ; https://support.apple.com/en-us/120331 ; https://support.apple.com/en-us/120338 ; https://nvd.nist.gov/vuln/detail/CVE-2023-43000
Remediation Due Date: 2026-03-26
VulDB
OpenStack Keystone up to 27.0.1/28.0.1/29.0.1 authorization
vuldb·2026-05-28·CVSS 6.0
CVE-2026-43000 [MEDIUM] OpenStack Keystone up to 27.0.1/28.0.1/29.0.1 authorization
A vulnerability classified as problematic was found in OpenStack Keystone up to 27.0.1/28.0.1/29.0.1. The affected element is an unknown function. Executing a manipulation can lead to incorrect authorization.
This vulnerability is handled as CVE-2026-43000. The attack can be executed remotely. There is not any exploit available.
Upgrading the affected component is advised.
GHSA
GHSA-q623-f4j4-p4xj: An issue was discovered in OpenStack Keystone before 29
ghsa_unreviewed·2026-05-28
CVE-2026-43000 [MEDIUM] CWE-863 GHSA-q623-f4j4-p4xj: An issue was discovered in OpenStack Keystone before 29
An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token carries the victim's identity, which passes the trustor validation check. Keystone then validates the delegated roles against the victim's actual role assignments in the database, not the roles on the requesting token. This allows the attacker to create a trust delegating the victim's admin role to themselves. The trust persists independently, and additional trusts and application credentials can be created to maintain access. All actions are logged under the victim's identity.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-43000 keystone: OpenStack Keystone: Privilege escalation via chained application credential impersonation and trust misuse
bugzilla·2026-05-28·CVSS 8.8
CVE-2026-43000 [HIGH] CVE-2026-43000 keystone: OpenStack Keystone: Privilege escalation via chained application credential impersonation and trust misuse
CVE-2026-43000 keystone: OpenStack Keystone: Privilege escalation via chained application credential impersonation and trust misuse
An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token carries the victim's identity, which passes the trustor validation check. Keystone then validates the delegated roles against the victim's actual role assignments in the database, not the roles on the requesting token. This allows the attacker to create a trust delegating the victim's admin role to themselves. The trust persists independently, and additional trusts an
Bugzilla
CVE-2023-43000 webkit2gtk4.0: Processing maliciously crafted web content may lead to memory corruption [fedora-42]
bugzilla·2025-11-21·CVSS 8.8
CVE-2023-43000 [HIGH] CVE-2023-43000 webkit2gtk4.0: Processing maliciously crafted web content may lead to memory corruption [fedora-42]
CVE-2023-43000 webkit2gtk4.0: Processing maliciously crafted web content may lead to memory corruption [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora