Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (openstack-keystone) security update
Keystone is a Python implementation of the OpenStack (http://www.openstack.org) identity service API. Security Fix(es): * OpenStack Keystone: Privilege escalation through EC2 credential creation (CVE-2026-33551) * OpenStack Keystone: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE-2025-65073) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
AI Analysis
Technical Summary
Red Hat OpenStack Platform 17.1 (Wallaby) includes a Python-based identity service called Keystone. Two vulnerabilities were fixed: CVE-2026-33551, which allows privilege escalation via EC2 credential creation, and CVE-2025-65073, which allows unauthenticated access to EC2/S3 token endpoints potentially granting Keystone authorization. These issues represent authorization and privilege escalation weaknesses (CWE-863 and CWE-266). Red Hat has issued a security advisory RHSA-2026:28044 with an update to openstack-keystone 19.0.2-17.1.20260529190847.54dd95d.el9ost.noarch.rpm to address these vulnerabilities.
Potential Impact
Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges within the OpenStack Keystone service or gain unauthorized authorization by accessing token endpoints without authentication. This could compromise identity management and access control within affected OpenStack deployments, potentially leading to unauthorized resource access or administrative control.
Mitigation Recommendations
Red Hat has released an updated package for openstack-keystone as part of Red Hat OpenStack Platform 17.1 for RHEL 9. Applying this official update (openstack-keystone-19.0.2-17.1.20260529190847.54dd95d.el9ost.noarch.rpm) will remediate the vulnerabilities. Administrators should follow Red Hat's update instructions at https://access.redhat.com/articles/11258 to apply the security update promptly. No additional mitigation steps are indicated by the vendor advisory.
Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (openstack-keystone) security update
Description
Keystone is a Python implementation of the OpenStack (http://www.openstack.org) identity service API. Security Fix(es): * OpenStack Keystone: Privilege escalation through EC2 credential creation (CVE-2026-33551) * OpenStack Keystone: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE-2025-65073) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Red Hat OpenStack Platform 17.1 (Wallaby) includes a Python-based identity service called Keystone. Two vulnerabilities were fixed: CVE-2026-33551, which allows privilege escalation via EC2 credential creation, and CVE-2025-65073, which allows unauthenticated access to EC2/S3 token endpoints potentially granting Keystone authorization. These issues represent authorization and privilege escalation weaknesses (CWE-863 and CWE-266). Red Hat has issued a security advisory RHSA-2026:28044 with an update to openstack-keystone 19.0.2-17.1.20260529190847.54dd95d.el9ost.noarch.rpm to address these vulnerabilities.
Potential Impact
Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges within the OpenStack Keystone service or gain unauthorized authorization by accessing token endpoints without authentication. This could compromise identity management and access control within affected OpenStack deployments, potentially leading to unauthorized resource access or administrative control.
Mitigation Recommendations
Red Hat has released an updated package for openstack-keystone as part of Red Hat OpenStack Platform 17.1 for RHEL 9. Applying this official update (openstack-keystone-19.0.2-17.1.20260529190847.54dd95d.el9ost.noarch.rpm) will remediate the vulnerabilities. Administrators should follow Red Hat's update instructions at https://access.redhat.com/articles/11258 to apply the security update promptly. No additional mitigation steps are indicated by the vendor advisory.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:28044
- Cve Count
- 2
- Additional Cves
- ["CVE-2026-33551"]
- Cvss Version
- null
Threat ID: 6a3aab56eed863c81e3a3e01
Added to database: 06/23/2026, 15:50:46 UTC
Last enriched: 06/23/2026, 15:52:32 UTC
Last updated: 06/24/2026, 03:08:59 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.