CVE-2026-33551EPSS p11.3%

CVE-2026-33551CVE-2026-33551

openstack / keystone

Description

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role may obtain an EC2/S3 credential that carries the full set of the parent user's S3 permissions, effectively bypassing the role restrictions imposed on the application credential. Only deployments that use restricted application credentials in combination with the EC2/S3 compatibility API (swift3 / s3api) are affected.

Scoring

CVSS 3.5 ()
VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
EPSS0.21% probability of exploitation · percentile 11.3% · 2026-06-19T12:03:05Z
Last modified2026-06-05

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-43001
CVE
CVE-2026-42998
CVE
CVE-2026-43000
CVE
CVE-2026-22797
CVE
CVE-2026-44394
CVE
CVE-2026-39910
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.