CVE-2026-22797 | OpenStack keystonemiddleware up to 10.7.1/10.9.0/10.12.0 external_oauth2_token authentication spoofing
A vulnerability was found in OpenStack keystonemiddleware up to 10.7.1/10.9.0/10.12.0 and classified as critical. This affects the function external_oauth2_token. Executing a manipulation can lead to authentication bypass by spoofing.
This vulnerability is registered as CVE-2026-22797. It is possible to launch the attack remotely. No exploit is available.
It is suggested to upgrade the affected component.