CVE-2026-22797
Publication date 16 January 2026
Last updated 20 January 2026
Ubuntu priority
Description
[Privilege Escalation via Identity Headers in External OAuth2 Tokens]
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| python-keystonemiddleware | 25.10 questing |
Vulnerable
|
| 24.04 LTS noble |
Vulnerable
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
Notes
mdeslaur
Introduced in 10.5.0 with: https://github.com/openstack/keystonemiddleware/commit/de15a610e160defb367b224258498727384d10a8
Patch details
| Package | Patch details |
|---|---|
| python-keystonemiddleware |
|