SSRF in OpenStack Swift
CVE-2026-50221
In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers (X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device) from client requests before forwarding them to object-servers. An authentica…
Vulnerability class: SSRF (Server-Side Request Forgery)
Affected products
- OpenStack Swift — versions 2.0.0, 2.36.0, 2.37.0