CVE-2026-44394 | OpenStack Keystone up to 27.0.1/28.0.1/29.0.1 Authentication Plugin /v3/auth/tokens handle_scoped_token expires_at authorization

A vulnerability categorized as problematic has been discovered in OpenStack Keystone up to 27.0.1/28.0.1/29.0.1. This vulnerability affects the function handle_scoped_token of the file /v3/auth/tokens of the component Authentication Plugin Handler. The manipulation of the argument expires_at results in incorrect authorization.

This vulnerability is cataloged as CVE-2026-44394. The attack may be launched remotely. There is no exploit available.

It is advisable to upgrade the affected component.

CVE-2026-44394 | OpenStack Keystone up to 27.0.1/28.0.1/29.0.1 Authentication Plugin /v3/auth/tokens handle_scoped_token expires_at authorization

Post correlati

CVE-2023-6871 | Mozilla Firefox up to 120 Protocol denial of service

CVE-2025-22145 | CarbonPHP carbon up to 2.72.5/3.8.3 Carbon::setLocale filename control

CVE-2025-13682 | Trail Manager Plugin up to 1.0.0 on WordPress Setting cross site scripting

CVE-2024-41236 | Kashipara Responsive School Management System 3.2.0 Admin Login Page /smsa/admin_login.php username sql injection