security-advisories/cve-2026-42301

1.0Yaookhttps://yaook.cloud/enStefan Hoffmannhttps://yaook.cloud/en/author/yaook-admin/security-advisories/cve-2026-42301 » Yaookrich600338<blockquote class="wp-embedded-content" data-secret="lTLubnu43M"><a href="https://yaook.cloud/en/security-advisories-cve-2026-42301/">security-advisories/cve-2026-42301</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://yaook.cloud/en/security-advisories-cve-2026-42301/embed/#?secret=lTLubnu43M" width="600" height="338" title="“security-advisories/cve-2026-42301” — Yaook" data-secret="lTLubnu43M" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script> /*! This file is auto-generated */ !function(d,l){"use strict";l.querySelector&&d.addEventListener&&"undefined"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),o=l.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),c=new RegExp("^https?:$","i"),i=0;i<o.length;i++)o[i].style.display="none";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute("style"),"height"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):"link"===t.message&&(r=new URL(s.getAttribute("src")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener("message",d.wp.receiveEmbedMessage,!1),l.addEventListener("DOMContentLoaded",function(){for(var e,t,s=l.querySelectorAll("iframe.wp-embedded-content"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute("data-secret"))||(t=Math.random().toString(36).substring(2,12),e.src+="#?secret="+t,e.setAttribute("data-secret",t)),e.contentWindow.postMessage({message:"ready",secret:t},"*")},!1)))}(window,document); //# sourceURL=https://yaook.cloud/wp-includes/js/wp-embed.min.js </script>YAOOK Security Advisory CVE-2026-42301 Date: 2026-05-27 Upstream bug report: https://bugs.launchpad.net/keystone/+bug/2149775 What is CVE-2026-42301 and how does it affect YAOOK? CVE-2026-42301 allows an attacker who gets hold of an unrestricted application credential to cross project boundaries to another project, if that project is accessible to the user who created the application credential. Thus, the project scoping […]