Threats Tagged 'cve-2026-42998'
View all threats tagged with 'cve-2026-42998'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-42998'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-42998: CWE-863 Incorrect Authorization in OpenStack KeystoneCVE-2026-42998 0 An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application credential ID and secret while specifying a different user's name and domain in the request body. Keystone issues a token attributed to the victim user. The impersonated token is project-scoped and carries the intersection of the application credential's roles and the victim's actual roles on the project. This enables audit evasion, reading the victim's credentials, and acting as the victim within shared projects. Join the discussion | CVE Database V5 | 05/28/2026, 00:00:00 UTC Added: 05/28/2026, 18:48:37 UTC |
Showing 1 to 1 of 1 result