Home / mailings [USN-8008-1] Keystone Middleware vulnerability
Posted on 03 February 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8008-1
February 03, 2026
python-keystonemiddleware vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 24.04 LTS
Summary:
Keystone Middleware could allow unintended access to network services.
Software Description:
- python-keystonemiddleware: Middleware for OpenStack Identity (Keystone)
Details:
Grzegorz Grasza discovered that the Keystone Middleware incorrectly
sanitized authentication headers before processing OAuth 2.0 tokens. An
attacker could possibly use this issue to escalate privileges or
impersonate other users.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
python3-keystonemiddleware 10.12.0-0ubuntu1.1
Ubuntu 24.04 LTS
python3-keystonemiddleware 10.6.0-0ubuntu1.1
After a standard system update you need to restart Keystone to make all the
necessary changes.
References:
https://ubuntu.com/security/notices/USN-8008-1
CVE-2026-22797
Package Information:
https://launchpad.net/ubuntu/+source/python-keystonemiddleware/10.12.0-0ubuntu1.1
https://launchpad.net/ubuntu/+source/python-keystonemiddleware/10.6.0-0ubuntu1.1
--===============2411461074926951070==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
