* Last update: 20/01/2026
* Affected software: OpenStack keystonemiddleware
* Type: Privilege escalation
* CVE/CVSS: CVE-2026-22797: CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L)
Security advisory: https://bugs.launchpad.net/keystonemiddleware/+bug/2129018
In January 2026, OpenStack published a security advisory for a privilege escalation vulnerability affecting keystonemiddleware. The vulnerability was assigned the reference CVE-2026-22797 and a CVSS score of 9.9. CVE-2026-22797 has a high impact on confidentiality and integrity and a low impact on availability.
OpenStack is an open-source cloud platform used to manage public, private and hybrid cloud environments. It is primarily deployed in data centres and cloud environments, and large organisations are also known to use it.
OpenStack keystonemiddleware is the component that handles authentication and authorisation for OpenStack projects. Threat actors are likely to find vulnerabilities in this component particularly valuable, as they could give access to confidential resources. Access to cloud projects could also be leveraged to pivot laterally for further compromise.
There is currently no report of active exploitation (cut-off date: 20 January 2026).
CVE-2026-22797 is an authentication bypass by spoofing vulnerability affecting OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1.
The external_oauth2_token middleware fails to sanitise incoming authentication headers before processing OAuth 2.0 tokens. By sending forged identity headers such as X-Is-Admin-Project, X-Roles or X-User-Id alongside a valid token, an authenticated remote attacker may escalate privileges or impersonate other users, including administrators.
Please note that all deployments using the external_oauth2_token middleware are affected.
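The following is an added illustration of the bug class described above, not keystonemiddleware's own code. It shows a minimal WSGI-style identity middleware in two variants: a vulnerable one that populates identity headers from the validated token but never clears what the client sent, and a hardened one that strips every client-supplied identity header before asserting identity from the token. The token store, the header list, the request and the downstream policy check are all constructed for the example; header names appear in WSGI `HTTP_X_*` environ form. The list of stripped headers returned by the hardened variant is the kind of signal worth logging, since legitimate clients never send these headers.

```python
"""Illustrative identity middleware: vulnerable vs hardened handling of
client-supplied identity headers. Added example, not keystonemiddleware."""

from typing import Any, Dict, List, Optional, Tuple

# Identity headers the middleware asserts to downstream services.
# Constructed list for this example; the real middleware's set is larger.
IDENTITY_HEADERS = (
    "HTTP_X_IDENTITY_STATUS",
    "HTTP_X_USER_ID",
    "HTTP_X_USER_NAME",
    "HTTP_X_PROJECT_ID",
    "HTTP_X_PROJECT_NAME",
    "HTTP_X_ROLES",
    "HTTP_X_IS_ADMIN_PROJECT",
    "HTTP_X_SERVICE_ROLES",
)

# Constructed stand-in for the OAuth 2.0 introspection endpoint: maps an
# access token to the claims the authorisation server vouches for.
TOKEN_STORE: Dict[str, Dict[str, Any]] = {
    "tok-bob": {"user_id": "bob", "project_id": "proj-b", "roles": ["member"]},
}


def introspect(token: Optional[str]) -> Optional[Dict[str, Any]]:
    """Pretend to call the authorisation server; None means invalid token."""
    return TOKEN_STORE.get(token) if token else None


def bearer_token(environ: Dict[str, Any]) -> Optional[str]:
    """Extract the bearer token from the Authorization header, if any."""
    scheme, _, token = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    return token.strip() if scheme.lower() == "bearer" and token.strip() else None


def strip_identity_headers(environ: Dict[str, Any]) -> List[str]:
    """Remove every client-supplied identity header; return what was removed."""
    removed = [h for h in IDENTITY_HEADERS if h in environ]
    for header in removed:
        del environ[header]
    return removed


def vulnerable_middleware(environ: Dict[str, Any]) -> Tuple[int, Dict[str, Any]]:
    """Writes headers derived from the token but never clears the rest.

    Any identity header the token does not cover survives untouched, so a
    forged X-Is-Admin-Project or X-Service-Roles reaches the service."""
    info = introspect(bearer_token(environ))
    if info is None:
        return 401, environ
    environ["HTTP_X_IDENTITY_STATUS"] = "Confirmed"
    environ["HTTP_X_USER_ID"] = info["user_id"]
    environ["HTTP_X_PROJECT_ID"] = info["project_id"]
    environ["HTTP_X_ROLES"] = ",".join(info["roles"])
    # Only written when the claim is present: a forged value is kept otherwise.
    if info.get("is_admin_project"):
        environ["HTTP_X_IS_ADMIN_PROJECT"] = "True"
    return 200, environ


def hardened_middleware(
    environ: Dict[str, Any],
) -> Tuple[int, Dict[str, Any], List[str]]:
    """Sanitise first, then assert identity only from the validated token."""
    spoofed = strip_identity_headers(environ)  # non-empty: log it as suspicious
    info = introspect(bearer_token(environ))
    if info is None:
        return 401, environ, spoofed
    environ["HTTP_X_IDENTITY_STATUS"] = "Confirmed"
    environ["HTTP_X_USER_ID"] = info["user_id"]
    environ["HTTP_X_PROJECT_ID"] = info["project_id"]
    environ["HTTP_X_ROLES"] = ",".join(info["roles"])
    # Always written explicitly, so no client value can fill the gap.
    environ["HTTP_X_IS_ADMIN_PROJECT"] = "True" if info.get("is_admin_project") else "False"
    return 200, environ, spoofed


def is_admin(environ: Dict[str, Any]) -> bool:
    """Constructed downstream policy check of the kind a service would run."""
    roles = environ.get("HTTP_X_ROLES", "").split(",")
    service_roles = environ.get("HTTP_X_SERVICE_ROLES", "").split(",")
    return (environ.get("HTTP_X_IS_ADMIN_PROJECT") == "True"
            or "admin" in roles or "admin" in service_roles)


def forged_request() -> Dict[str, Any]:
    """Constructed request: a valid low-privilege token plus forged headers."""
    return {
        "REQUEST_METHOD": "GET",
        "PATH_INFO": "/v3/users",
        "HTTP_AUTHORIZATION": "Bearer tok-bob",
        "HTTP_X_ROLES": "admin",
        "HTTP_X_IS_ADMIN_PROJECT": "True",
        "HTTP_X_SERVICE_ROLES": "admin",
    }


def demo() -> Dict[str, Any]:
    """Run the same forged request through both variants."""
    _, env_vuln = vulnerable_middleware(forged_request())
    _, env_hard, stripped = hardened_middleware(forged_request())
    return {
        "vulnerable_grants_admin": is_admin(env_vuln),
        "hardened_grants_admin": is_admin(env_hard),
        "stripped": stripped,
    }


if __name__ == "__main__":
    print(demo())
```

With the vulnerable variant, the token overwrites X-Roles with `member`, but the forged X-Is-Admin-Project and X-Service-Roles are never touched and the policy check grants admin. The hardened variant removes all three forged headers before consulting the token, so the service only ever sees what the authorisation server vouched for.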
Patch
The Centre for Cybersecurity Belgium strongly recommends installing the updates on affected deployments with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.
Patching appliances or software to the newest version protects against future exploitation, but it does not remediate a compromise that has already taken place.
Article by The Hacker Wire: https://www.thehackerwire.com/openstack-keystonemiddleware-auth-bypass-privesc-cve-2026-22797/
Article by Security Online: https://securityonline.info/openstack-admin-forgery-cve-2026-22797-lets-users-ask-for-root/