Keystone — Vulnerabilities & Security Advisories (18)

All 18 CVE vulnerabilities found in Keystone, with AI-generated Chinese analysis, references, and POCs.

Keystone is an open-source identity service within the OpenStack cloud computing platform, focusing on authentication, authorization, and service catalog management. This vulnerability aggregation page collects security weaknesses, configuration errors, and implementation flaws associated with Keystone, covering incidents and advisories released from its initial open-source inception through recent major releases. By consolidating data from various vendors, security trackers, and community reports, the platform provides a comprehensive view of the product's security posture over time. Readers can use this resource to track how different distributions and forks of Keystone handle security advisories, gaining insight into patching speeds and response consistency across the ecosystem. The page also allows users to understand the prevalence and nature of specific weakness classes, such as privilege escalation, injection attacks, or improper access control, within the context of Keystone's architecture. Furthermore, you can look up a specific version of Keystone to review its historical vulnerability landscape, identifying trends in bug types and severity levels that have impacted the software. This structured overview helps security teams, auditors, and developers assess risk, prioritize updates, and implement mitigation strategies effectively. The data is organized to facilitate easy cross-referencing between CVE identifiers, CWE categories, and vendor-specific notes, ensuring that stakeholders have a clear and accurate picture of the security challenges faced by this critical identity management component.

Vendor: keystone

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-10802 | keystonejs keystone GraphQL API Endpoint output-field.ts resource consumption | CWE-400 | 4.3 | Medium | 2026-06-04 |
| CVE-2026-44394 | OpenStack Keystone security vulnerability | CWE-863 | 6.0 | Medium | 2026-05-28 |
| CVE-2026-43000 | OpenStack Keystone security vulnerability | CWE-863 | 6.0 | Medium | 2026-05-28 |
| CVE-2026-42999 | OpenStack Keystone security vulnerability | CWE-863 | 6.0 | Medium | 2026-05-28 |
| CVE-2026-42998 | OpenStack Keystone security vulnerability | CWE-863 | 6.0 | Medium | 2026-05-28 |
| CVE-2026-43001 | OpenStack Keystone security vulnerability | CWE-863 | 7.9 | High | 2026-05-01 |
| CVE-2026-40683 | OpenStack Keystone security vulnerability | CWE-843 | 7.7 | High | 2026-04-14 |
| CVE-2026-33551 | OpenStack Keystone security vulnerability | CWE-863 | 3.5 | Low | 2026-04-10 |
| CVE-2026-33326 | @keystone-6/core: `isFilterable` bypass via `cursor` parameter in findMany | CWE-863 | 4.3 | Medium | 2026-03-24 |
| CVE-2025-65073 | Keystone security vulnerability | CWE-863 | 7.5 | High | 2025-11-17 |
| CVE-2025-46720 | Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields | CWE-203 | 3.1 | Low | 2025-05-05 |
| CVE-2023-40027 | Conditionally missing authorization in @keystone-6/core | CWE-862 | 3.7 | Low | 2023-08-15 |
| CVE-2023-34247 | @keystone-6/auth Open Redirect vulnerability | CWE-601 | 6.1 | Medium | 2023-06-13 |
| CVE-2022-39382 | NODE_ENV in Keystone defaults to development with esbuild | CWE-74 | 9.8 | Critical | 2022-11-03 |
| CVE-2022-39322 | @keystone-6/core vulnerable to field-level access-control bypass for multiselect field | CWE-285 | 9.1 | Critical | 2022-10-25 |
| CVE-2021-3563 | Red Hat OpenStack Platform security vulnerability | CWE-863 | 7.4 | - | 2022-08-26 |
| CVE-2012-1572 | OpenStack Keystone resource management error vulnerability | | 7.5 | - | 2019-11-12 |
| CVE-2013-2255 | OpenStack Keystone and OpenStack Compute trust management issue vulnerability | | 5.9 | - | 2019-11-01 |

All 18 known CVE vulnerabilities affecting Keystone with full Chinese analysis, references, and POCs where available.