CVE-2026-44394

Published: Mag 28, 2026 Last Modified: Mag 28, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,0
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: low
User Interaction: none
Scope: changed
Confidentiality: low
Integrity: low
Availability: low

Description

AI Translation Available

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handle_scoped_token() function in the mapped authentication plugin returns response data without an expires_at value. The token provider falls back to issuing a token with a fresh default TTL. By rescoping repeatedly before each token expires, a user can maintain access indefinitely, bypassing operator-configured token lifetime policies. This is a variant of CVE-2012-3426. Only deployments using federated identity (SAML2, OpenID Connect) are affected.

863

Incorrect Authorization

Incomplete
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Access Control Availability
Potential Impacts:
Read Application Data Read Files Or Directories Modify Application Data Modify Files Or Directories Gain Privileges Or Assume Identity Bypass Protection Mechanism Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Other)
Applicable Platforms
Technologies: Web Server, Database Server, Not Technology-Specific
Likelihood of Exploit: High
View CWE Details
https://bugs.launchpad.net/keystone/+bug/2150379
https://bugs.launchpad.net/keystone/+bug/2150379
https://security.openstack.org/ossa/OSSA-2026-015.html
https://security.openstack.org/ossa/OSSA-2026-015.html