{"id":5205,"date":"2026-01-15T16:07:18","date_gmt":"2026-01-15T15:07:18","guid":{"rendered":"https:\/\/yaook.cloud\/?page_id=5205"},"modified":"2026-01-19T11:06:27","modified_gmt":"2026-01-19T10:06:27","slug":"security-advisories-cve-2026-22797","status":"publish","type":"page","link":"https:\/\/yaook.cloud\/en\/security-advisories-cve-2026-22797\/","title":{"rendered":"security-advisories\/cve-2026-22797"},"content":{"rendered":"<div data-elementor-type=\"wp-page\" data-elementor-id=\"5205\" class=\"elementor elementor-5205\" data-elementor-post-type=\"page\">\n\t\t\t\t<div class=\"elementor-element elementor-element-56e0628 e-flex e-con-boxed e-con e-parent\" data-id=\"56e0628\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-050bc69 elementor-widget elementor-widget-text-editor\" data-id=\"050bc69\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h1>YAOOK Security Advisory for CVE-2026-22797<\/h1><ul><li>Date: 2026-01-15<\/li><li>Upstream advisory: <a href=\"https:\/\/security.openstack.org\/ossa\/OSSA-2026-001.html\">https:\/\/security.openstack.org\/ossa\/OSSA-2026-001.html<\/a><\/li><li>Upstream bug report: <a href=\"https:\/\/launchpad.net\/bugs\/2129018\">https:\/\/launchpad.net\/bugs\/2129018<\/a><\/li><\/ul><h2>What is CVE-2026-22797 and how does it affect YAOOK?<\/h2><p>The CVE is a vulnerability in OpenStack keystonemiddleware which allows Privilege Escalation via Identity Headers in External OAuth2 Tokens. It requires the external_oauth2_token middleware of keystonemiddleware to be enabled.<\/p><p>This middleware needs to be activated in the api-paste.ini of keystone. 
As we currently don't allow users to override this file, and the middleware is not activated in our images, Yaook deployments are not affected.<\/p><h2>Is my cluster vulnerable?<\/h2><p>As the middleware currently cannot be activated in Yaook clusters, no Yaook cluster is vulnerable to this CVE.<\/p><p>For that reason, Yaook will NOT provide hotfixed images or releases. The upstream OpenStack patches will be included in the new images and released as soon as the image pins are updated in the operator repo, like any other upstream change.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>YAOOK Security Advisory for CVE-2026-22797 Date: 2026-01-15 Upstream advisory: https:\/\/security.openstack.org\/ossa\/OSSA-2026-001.html Upstream bug report: https:\/\/launchpad.net\/bugs\/2129018 What is CVE-2026-22797 and how does it affect YAOOK? The CVE is a vulnerability in OpenStack keystonemiddleware which allows Privilege Escalation via Identity Headers in External OAuth2 Tokens. It needs the external_oauth2_token middleware for keystonemiddleware enabled. 
This middleware needs to be [&hellip;]<\/p>\n","protected":false},"author":8,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-5205","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>security-advisories\/cve-2026-22797 &#187; Yaook<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/yaook.cloud\/en\/security-advisories-cve-2026-22797\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"security-advisories\/cve-2026-22797 &#187; Yaook\" \/>\n<meta property=\"og:description\" content=\"YAOOK Security Advisory for CVE-2026-22797 Date: 2026-01-15 Upstream advisory: https:\/\/security.openstack.org\/ossa\/OSSA-2026-001.html Upstream bug report: https:\/\/launchpad.net\/bugs\/2129018 What is CVE-2026-22797 and how does it affect YAOOK? The CVE is a vulnerability in OpenStack keystonemiddleware which allows Privilege Escalation via Identity Headers in External OAuth2 Tokens. It needs the external_oauth2_token middleware for keystonemiddleware enabled. 
This middleware needs to be [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/yaook.cloud\/en\/security-advisories-cve-2026-22797\/\" \/>\n<meta property=\"og:site_name\" content=\"Yaook\" \/>\n<meta property=\"article:modified_time\" content=\"2026-01-19T10:06:27+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/yaook.cloud\\\/security-advisories-cve-2026-22797\\\/\",\"url\":\"https:\\\/\\\/yaook.cloud\\\/security-advisories-cve-2026-22797\\\/\",\"name\":\"security-advisories\\\/cve-2026-22797 &#187; Yaook\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/yaook.cloud\\\/#website\"},\"datePublished\":\"2026-01-15T15:07:18+00:00\",\"dateModified\":\"2026-01-19T10:06:27+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/yaook.cloud\\\/security-advisories-cve-2026-22797\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/yaook.cloud\\\/security-advisories-cve-2026-22797\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/yaook.cloud\\\/security-advisories-cve-2026-22797\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\\\/\\\/yaook.cloud\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"security-advisories\\\/cve-2026-22797\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/yaook.cloud\\\/#website\",\"url\":\"https:\\\/\\\/yaook.cloud\\\/\",\"name\":\"Yaook\",\"description\":\"The Lifecycle Management Tool for 
OpenStack\",\"publisher\":{\"@id\":\"https:\\\/\\\/yaook.cloud\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/yaook.cloud\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/yaook.cloud\\\/#organization\",\"name\":\"ALASCA e.V.\",\"alternateName\":\"Alasca - Verband f\u00fcr betriebsf\u00e4hige, offene Cloud-Infrastrukturen e.V.\",\"url\":\"https:\\\/\\\/yaook.cloud\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/yaook.cloud\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/alasca.cloud\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/favicon.png\",\"contentUrl\":\"https:\\\/\\\/alasca.cloud\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/favicon.png\",\"width\":512,\"height\":512,\"caption\":\"ALASCA e.V.\"},\"image\":{\"@id\":\"https:\\\/\\\/yaook.cloud\\\/#\\\/schema\\\/logo\\\/image\\\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"security-advisories\/cve-2026-22797 \u00bb Yaook","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/yaook.cloud\/en\/security-advisories-cve-2026-22797\/","og_locale":"en_GB","og_type":"article","og_title":"security-advisories\/cve-2026-22797 &#187; Yaook","og_description":"YAOOK Security Advisory for CVE-2026-22797 Date: 2026-01-15 Upstream advisory: https:\/\/security.openstack.org\/ossa\/OSSA-2026-001.html Upstream bug report: https:\/\/launchpad.net\/bugs\/2129018 What is CVE-2026-22797 and how does it affect YAOOK? The CVE is a vulnerability in OpenStack keystonemiddleware which allows Privilege Escalation via Identity Headers in External OAuth2 Tokens. 
It needs the external_oauth2_token middleware for keystonemiddleware enabled. This middleware needs to be [&hellip;]","og_url":"https:\/\/yaook.cloud\/en\/security-advisories-cve-2026-22797\/","og_site_name":"Yaook","article_modified_time":"2026-01-19T10:06:27+00:00","twitter_card":"summary_large_image","twitter_misc":{"Estimated reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/yaook.cloud\/security-advisories-cve-2026-22797\/","url":"https:\/\/yaook.cloud\/security-advisories-cve-2026-22797\/","name":"security-advisories\/cve-2026-22797 \u00bb Yaook","isPartOf":{"@id":"https:\/\/yaook.cloud\/#website"},"datePublished":"2026-01-15T15:07:18+00:00","dateModified":"2026-01-19T10:06:27+00:00","breadcrumb":{"@id":"https:\/\/yaook.cloud\/security-advisories-cve-2026-22797\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/yaook.cloud\/security-advisories-cve-2026-22797\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/yaook.cloud\/security-advisories-cve-2026-22797\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/yaook.cloud\/"},{"@type":"ListItem","position":2,"name":"security-advisories\/cve-2026-22797"}]},{"@type":"WebSite","@id":"https:\/\/yaook.cloud\/#website","url":"https:\/\/yaook.cloud\/","name":"Yaook","description":"The Lifecycle Management Tool for OpenStack","publisher":{"@id":"https:\/\/yaook.cloud\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/yaook.cloud\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/yaook.cloud\/#organization","name":"ALASCA e.V.","alternateName":"Alasca - Verband f\u00fcr betriebsf\u00e4hige, offene Cloud-Infrastrukturen 
e.V.","url":"https:\/\/yaook.cloud\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/yaook.cloud\/#\/schema\/logo\/image\/","url":"https:\/\/alasca.cloud\/wp-content\/uploads\/2022\/08\/favicon.png","contentUrl":"https:\/\/alasca.cloud\/wp-content\/uploads\/2022\/08\/favicon.png","width":512,"height":512,"caption":"ALASCA e.V."},"image":{"@id":"https:\/\/yaook.cloud\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/pages\/5205","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/comments?post=5205"}],"version-history":[{"count":15,"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/pages\/5205\/revisions"}],"predecessor-version":[{"id":5227,"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/pages\/5205\/revisions\/5227"}],"wp:attachment":[{"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/media?parent=5205"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}