Known Vulnerabilities for products from Openstack
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Openstack".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-49299 json | Not Provided | 2026-05-28 | 2026-05-29 | |
| CVE-2026-49017 json | Not Provided | 2026-05-27 | 2026-05-27 | |
| CVE-2026-44919 json | Not Provided | 2026-05-14 | 2026-05-20 | |
| CVE-2026-44916 json | Not Provided | 2026-05-08 | 2026-05-20 | |
| CVE-2026-44394 json | An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propag... | Not Provided | 2026-05-28 | 2026-06-02 |
| CVE-2026-43003 json | An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes g... | Not Provided | 2026-05-01 | 2026-05-04 |
| CVE-2026-43002 json | Not Provided | 2026-05-05 | 2026-05-06 | |
| CVE-2026-43001 json | An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied p... | Not Provided | 2026-05-01 | 2026-06-02 |
| CVE-2026-43000 json | An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulne... | Not Provided | 2026-05-28 | 2026-06-02 |
| CVE-2026-42999 json | An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforce_call unconditionall... | Not Provided | 2026-05-28 | 2026-06-02 |
| CVE-2026-42998 json | An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does n... | Not Provided | 2026-05-28 | 2026-06-02 |
| CVE-2026-34881 json | OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of H... | Not Provided | 2026-03-31 | 2026-04-14 |
| CVE-2024-1141 json | 5.5 - MEDIUM | 2024-02-01 | 2024-04-01 | |
| CVE-2023-1636 json | A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize... | 5 - MEDIUM | 2023-09-24 | 2023-11-07 |
| CVE-2023-1633 json | A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configur... | 5.5 - MEDIUM | 2023-09-24 | 2023-11-07 |
| CVE-2023-1625 json | An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'sta... | 5 - MEDIUM | 2023-09-24 | 2023-11-07 |
| CVE-2022-47951 json | An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before ... | 5.7 - MEDIUM | 2023-01-26 | 2023-02-06 |
| CVE-2022-47950 json | An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, a... | 6.5 - MEDIUM | 2023-01-18 | 2023-11-07 |
| CVE-2022-45582 json | Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter. | 6.1 - MEDIUM | 2023-08-22 | 2023-12-01 |
| CVE-2022-38060 json | A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfigur... | 7.8 - HIGH | 2022-12-21 | 2023-07-21 |
Known software with vulnerabilities from Openstack
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Openstack | Blazar-dashboard | 0.3.0 |
| Application | Openstack | Ceilometer | 0.1 |
| Application | Openstack | Cinder | 10.0.0 |
| Operating System | Openstack | Cinder | 10.0.0 |
| Application | Openstack | Compute | - |
| Application | Openstack | Devstack | - |
| Application | Openstack | Diablo | 2011.3 |
| Application | Openstack | Essex | 2012.1 |
| Application | Openstack | Folsom | - |
| Application | Openstack | Glance | 0.1.7 |
| Application | Openstack | Grizzly | 2013.1 |
| Application | Openstack | Havana | 2013.2.1 |
| Application | Openstack | Heat | 2013.2 |
| Application | Openstack | Horizon | 10.0.1 |
| Application | Openstack | Icehouse | - |
| Application | Openstack | Image Registry And Delivery Service Glance | - |
| Application | Openstack | Ironic | 4.2.0 |
| Application | Openstack | Ironic-inspector | - |
| Application | Openstack | Juno | 2014.2 |
| Application | Openstack | Keystone | - |