What is CVE-2026-33551?

CVE-2026-33551 is a low-severity vulnerability in Openstack Keystone, classified under Incorrect Authorization. CVSS score: 3.5/10. Published 2026-04-10.

How severe is CVE-2026-33551?

Low severity. CVSS v3 base score is 3.5 out of 10.

Auth bypass in Openstack Keystone

CVE-2026-33551

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential c…

Vulnerability class: Broken Access Control

EPSS: 0.000 (10.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N.

Affected products

Openstack Keystone — versions 14.0.0, 27.0.0, 28.0.0

Weakness classification (CWE)

CWE-863 — Incorrect Authorization

References

cve@mitre.org (Exploit, Issue Tracking)
cve@mitre.org (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 (Mailing List, Patch, Third Party Advisory)

Frequently asked questions

What is CVE-2026-33551?: CVE-2026-33551 is a low-severity vulnerability in Openstack Keystone, classified under Incorrect Authorization. CVSS score: 3.5/10. Published 2026-04-10.
How severe is CVE-2026-33551?: Low severity. CVSS v3 base score is 3.5 out of 10.