THREAT OPS › Threat News › [NVD] CVE-2026-43001 (HIGH 7.9) — An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted app
[NVD] CVE-2026-43001 (HIGH 7.9) — An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted app
CVE-2026-43001 CVSS: 7.9 HIGH Published: 2026-05-01T09:16:17.273
An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credential for project A to create an EC2 cre
MITRE ATT&CK techniques
- CredentialsT1589.001
Indicators of compromise
- CVE-2026-43001cve
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-43001