Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3

Type deb

Namespace debian

Name keystone

Version 2:27.0.0-3+deb13u3

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-5ucj-ubyb-27fx

vulnerability_id VCID-5ucj-ubyb-27fx

summary openstack-keystone: OpenStack Keystone: Privilege escalation through EC2 credential creation

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33551.json

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33551.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33551

reference_id

reference_type

scores

value	0.00031
scoring_system	epss
scoring_elements	0.09353
published_at	2026-06-06T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.09278
published_at	2026-06-08T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.09338
published_at	2026-06-07T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09998
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33551

reference_url

https://bugs.launchpad.net/keystone/+bug/2142138

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T13:50:09Z/

url

https://bugs.launchpad.net/keystone/+bug/2142138

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33551
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33551

reference_url

https://github.com/openstack/keystone

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2026-202.yaml

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2026-202.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33551

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33551

reference_url

https://security.openstack.org/ossa/OSSA-2026-005.html

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T13:50:09Z/

url

https://security.openstack.org/ossa/OSSA-2026-005.html

reference_url

http://www.openwall.com/lists/oss-security/2026/04/07/12

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/04/07/12

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133118
reference_id	1133118
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133118

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2451037
reference_id	2451037
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2451037

reference_url

https://github.com/advisories/GHSA-4phw-6824-6cfp

reference_id

GHSA-4phw-6824-6cfp

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4phw-6824-6cfp

fixed_packages

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ucj-ubyb-27fx

vulnerability	VCID-7b5p-zqzm-3few

vulnerability	VCID-cage-qr17-fude

vulnerability	VCID-eszc-r2p1-xkcv

vulnerability	VCID-g2mr-xac1-jue9

vulnerability	VCID-hyts-mq72-z7de

vulnerability	VCID-v6q4-3362-fyde

vulnerability	VCID-z3ub-exq4-4qgg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1

url	pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u2
purl	pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u2

url	pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3
purl	pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u3

aliases CVE-2026-33551, GHSA-4phw-6824-6cfp, PYSEC-2026-202

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5ucj-ubyb-27fx

url VCID-7b5p-zqzm-3few

vulnerability_id VCID-7b5p-zqzm-3few

summary openstack-keystone: OpenStack Keystone: Unauthorized access and privilege escalation via arbitrary policy attribute injection

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42999.json

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42999.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-42999

reference_id

reference_type

scores

value	0.00041
scoring_system	epss
scoring_elements	0.12666
published_at	2026-06-08T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12781
published_at	2026-06-05T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12785
published_at	2026-06-06T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12748
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-42999

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42999
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42999

reference_url

https://bugs.launchpad.net/keystone/+bug/2148398

reference_id

2148398

reference_type

scores

value	6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:42:13Z/

url

https://bugs.launchpad.net/keystone/+bug/2148398

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2482840
reference_id	2482840
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2482840

reference_url

https://security.openstack.org/ossa/OSSA-2026-015.html

reference_id

OSSA-2026-015.html

reference_type

scores

value	6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:42:13Z/

url

https://security.openstack.org/ossa/OSSA-2026-015.html

fixed_packages

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ucj-ubyb-27fx

vulnerability	VCID-7b5p-zqzm-3few

vulnerability	VCID-cage-qr17-fude

vulnerability	VCID-eszc-r2p1-xkcv

vulnerability	VCID-g2mr-xac1-jue9

vulnerability	VCID-hyts-mq72-z7de

vulnerability	VCID-v6q4-3362-fyde

vulnerability	VCID-z3ub-exq4-4qgg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1

url	pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u2
purl	pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u2

url	pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3
purl	pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u3

aliases CVE-2026-42999

risk_score 3.8

exploitability 0.5

weighted_severity 7.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7b5p-zqzm-3few

url VCID-cage-qr17-fude

vulnerability_id VCID-cage-qr17-fude

summary OpenStack Keystone: OpenStack Keystone: Unauthorized access due to incorrect LDAP user status handling

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40683.json

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40683.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-40683

reference_id

reference_type

scores

value	0.00021
scoring_system	epss
scoring_elements	0.06015
published_at	2026-06-08T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.07498
published_at	2026-06-07T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.07512
published_at	2026-06-05T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.0752
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-40683

reference_url

https://bugs.launchpad.net/keystone/+bug/2121152

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T20:14:37Z/

url

https://bugs.launchpad.net/keystone/+bug/2121152

reference_url

https://bugs.launchpad.net/keystone/+bug/2141713

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T20:14:37Z/

url

https://bugs.launchpad.net/keystone/+bug/2141713

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40683
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40683

reference_url

https://github.com/openstack/keystone

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-40683

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-40683

reference_url

https://review.opendev.org/958205

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T20:14:37Z/

url

https://review.opendev.org/958205

reference_url

https://www.openwall.com/lists/oss-security/2026/04/14/9

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T20:14:37Z/

url

https://www.openwall.com/lists/oss-security/2026/04/14/9

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133884
reference_id	1133884
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133884

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2458472
reference_id	2458472
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2458472

reference_url

https://github.com/advisories/GHSA-pfx2-9x9m-7ghx

reference_id

GHSA-pfx2-9x9m-7ghx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pfx2-9x9m-7ghx

fixed_packages

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ucj-ubyb-27fx

vulnerability	VCID-7b5p-zqzm-3few

vulnerability	VCID-cage-qr17-fude

vulnerability	VCID-eszc-r2p1-xkcv

vulnerability	VCID-g2mr-xac1-jue9

vulnerability	VCID-hyts-mq72-z7de

vulnerability	VCID-v6q4-3362-fyde

vulnerability	VCID-z3ub-exq4-4qgg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1

url	pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u2
purl	pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u2

url	pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3
purl	pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u3

aliases CVE-2026-40683, GHSA-pfx2-9x9m-7ghx

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cage-qr17-fude

url VCID-eszc-r2p1-xkcv

vulnerability_id VCID-eszc-r2p1-xkcv

summary openstack-keystone: OpenStack Keystone: User impersonation and unauthorized access via insufficient application credential verification.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42998.json

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42998.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-42998

reference_id

reference_type

scores

value	0.00064
scoring_system	epss
scoring_elements	0.19944
published_at	2026-06-08T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.20054
published_at	2026-06-05T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.20049
published_at	2026-06-06T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.2001
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-42998

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42998
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42998

reference_url

https://bugs.launchpad.net/keystone/+bug/2148477

reference_id

2148477

reference_type

scores

value	6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:38:16Z/

url

https://bugs.launchpad.net/keystone/+bug/2148477

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2482825
reference_id	2482825
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2482825

reference_url

https://security.openstack.org/ossa/OSSA-2026-015.html

reference_id

OSSA-2026-015.html

reference_type

scores

value	6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:38:16Z/

url

https://security.openstack.org/ossa/OSSA-2026-015.html

fixed_packages

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ucj-ubyb-27fx

vulnerability	VCID-7b5p-zqzm-3few

vulnerability	VCID-cage-qr17-fude

vulnerability	VCID-eszc-r2p1-xkcv

vulnerability	VCID-g2mr-xac1-jue9

vulnerability	VCID-hyts-mq72-z7de

vulnerability	VCID-v6q4-3362-fyde

vulnerability	VCID-z3ub-exq4-4qgg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1

url	pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u2
purl	pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u2

url	pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3
purl	pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u3

aliases CVE-2026-42998

risk_score 2.2

exploitability 0.5

weighted_severity 4.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eszc-r2p1-xkcv

url VCID-hyts-mq72-z7de

vulnerability_id VCID-hyts-mq72-z7de

summary keystone: OpenStack Keystone: Privilege escalation via chained application credential impersonation and trust misuse

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43000.json

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43000.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-43000

reference_id

reference_type

scores

value	0.00041
scoring_system	epss
scoring_elements	0.12666
published_at	2026-06-08T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12781
published_at	2026-06-05T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12785
published_at	2026-06-06T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12748
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-43000

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43000
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43000

reference_url

https://bugs.launchpad.net/keystone/+bug/2148477

reference_id

2148477

reference_type

scores

value	6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:41:32Z/

url

https://bugs.launchpad.net/keystone/+bug/2148477

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2482826
reference_id	2482826
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2482826

reference_url

https://security.openstack.org/ossa/OSSA-2026-015.html

reference_id

OSSA-2026-015.html

reference_type

scores

value	6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:41:32Z/

url

https://security.openstack.org/ossa/OSSA-2026-015.html

fixed_packages

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ucj-ubyb-27fx

vulnerability	VCID-7b5p-zqzm-3few

vulnerability	VCID-cage-qr17-fude

vulnerability	VCID-eszc-r2p1-xkcv

vulnerability	VCID-g2mr-xac1-jue9

vulnerability	VCID-hyts-mq72-z7de

vulnerability	VCID-v6q4-3362-fyde

vulnerability	VCID-z3ub-exq4-4qgg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1

url	pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u2
purl	pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u2

url	pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3
purl	pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u3

aliases CVE-2026-43000

risk_score 3.8

exploitability 0.5

weighted_severity 7.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hyts-mq72-z7de

url VCID-v6q4-3362-fyde

vulnerability_id VCID-v6q4-3362-fyde

summary openstack-keystone: OpenStack Keystone: Federated token rescoping allows indefinite access

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44394.json

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44394.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-44394

reference_id

reference_type

scores

value	0.00052
scoring_system	epss
scoring_elements	0.16663
published_at	2026-06-08T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16785
published_at	2026-06-05T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16781
published_at	2026-06-06T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16745
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-44394

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44394
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44394

reference_url

https://bugs.launchpad.net/keystone/+bug/2150379

reference_id

2150379

reference_type

scores

value	6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:42:48Z/

url

https://bugs.launchpad.net/keystone/+bug/2150379

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2482842
reference_id	2482842
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2482842

reference_url

https://security.openstack.org/ossa/OSSA-2026-015.html

reference_id

OSSA-2026-015.html

reference_type

scores

value	6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:42:48Z/

url

https://security.openstack.org/ossa/OSSA-2026-015.html

fixed_packages

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ucj-ubyb-27fx

vulnerability	VCID-7b5p-zqzm-3few

vulnerability	VCID-cage-qr17-fude

vulnerability	VCID-eszc-r2p1-xkcv

vulnerability	VCID-g2mr-xac1-jue9

vulnerability	VCID-hyts-mq72-z7de

vulnerability	VCID-v6q4-3362-fyde

vulnerability	VCID-z3ub-exq4-4qgg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1

url	pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u2
purl	pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u2

url	pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3
purl	pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u3

aliases CVE-2026-44394

risk_score 2.2

exploitability 0.5

weighted_severity 4.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v6q4-3362-fyde

url VCID-z3ub-exq4-4qgg

vulnerability_id VCID-z3ub-exq4-4qgg

summary OpenStack Keystone: OpenStack Keystone: Unauthorized cross-project access due to improper validation in EC2 credential creation

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43001.json

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43001.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-43001

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.04732
published_at	2026-06-06T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04681
published_at	2026-06-08T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04719
published_at	2026-06-07T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04747
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-43001

reference_url

https://bugs.launchpad.net/keystone/+bug/2149775

reference_id

reference_type

scores

value	7.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T13:28:01Z/

url

https://bugs.launchpad.net/keystone/+bug/2149775

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43001
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43001

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-43001

reference_id

reference_type

scores

value	7.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-43001

reference_url

https://review.opendev.org/c/openstack/keystone

reference_id

reference_type

scores

value	7.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://review.opendev.org/c/openstack/keystone

reference_url

https://review.opendev.org/c/openstack/keystone/+/985804

reference_id

reference_type

scores

value	7.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T13:28:01Z/

url

https://review.opendev.org/c/openstack/keystone/+/985804

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135645
reference_id	1135645
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135645

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2464305
reference_id	2464305
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2464305

reference_url

https://github.com/advisories/GHSA-hhq2-3832-xxcv

reference_id

GHSA-hhq2-3832-xxcv

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hhq2-3832-xxcv

reference_url

https://security.openstack.org/ossa/OSSA-2026-015.html

reference_id

OSSA-2026-015.html

reference_type

scores

value	7.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T13:28:01Z/

url

https://security.openstack.org/ossa/OSSA-2026-015.html

fixed_packages

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ucj-ubyb-27fx

vulnerability	VCID-7b5p-zqzm-3few

vulnerability	VCID-cage-qr17-fude

vulnerability	VCID-eszc-r2p1-xkcv

vulnerability	VCID-g2mr-xac1-jue9

vulnerability	VCID-hyts-mq72-z7de

vulnerability	VCID-v6q4-3362-fyde

vulnerability	VCID-z3ub-exq4-4qgg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1

url	pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u2
purl	pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u2

url	pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3
purl	pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u3

aliases CVE-2026-43001, GHSA-hhq2-3832-xxcv

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z3ub-exq4-4qgg

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u3

Package Instance