{"id":5318,"date":"2026-05-28T16:11:34","date_gmt":"2026-05-28T14:11:34","guid":{"rendered":"https:\/\/yaook.cloud\/?page_id=5318"},"modified":"2026-05-28T17:26:07","modified_gmt":"2026-05-28T15:26:07","slug":"security-advisories-cve-2026-42998-43001-44394","status":"publish","type":"page","link":"https:\/\/yaook.cloud\/en\/security-advisories-cve-2026-42998-43001-44394\/","title":{"rendered":"security-advisories\/cve-2026-42998-43001-44394"},"content":{"rendered":"<div data-elementor-type=\"wp-page\" data-elementor-id=\"5318\" class=\"elementor elementor-5318\" data-elementor-post-type=\"page\">\n\t\t\t\t<div class=\"elementor-element elementor-element-56e0628 e-flex e-con-boxed e-con e-parent\" data-id=\"56e0628\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-050bc69 elementor-widget elementor-widget-text-editor\" data-id=\"050bc69\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h1>YAOOK Security Advisory CVE-2026-42998, CVE-2026-42999, CVE-2026-42300, CVE-2026-42301, CVE-2026-44394<\/h1><ul><li>Date: 2026-05-28<\/li><li>Upstream advisory: TBD<\/li><\/ul><h2>What are CVE-2026-42998, CVE-2026-42999, CVE-2026-42300, CVE-2026-42301, CVE-2026-44394 and how do they affect YAOOK?<\/h2><div>These five CVEs in OpenStack Keystone are all post-auth privilege escalation or scope expansion vulnerabilities. All Keystone releases supported by YAOOK are affected. For details of the particular exploitation flows, please consult the upstream advisory.<\/div><div>\u00a0<\/div><div>The YAOOK authors consider CVE-2026-42999 to be the most severe one. 
It allows cross-project privilege escalation by anyone who can obtain a valid OpenStack token, effectively breaking tenant isolation and potentially allowing escalation to cloud admin privileges.<\/div><h2>Is my cluster vulnerable?<\/h2><div>The following images and releases are vulnerable:<\/div><ul><li>keystone images before 3.0.87<\/li><li>yaook release before 2.3.0<\/li><\/ul><div>If one of these images is used in your cluster for the keystone-api deployment, the cluster is vulnerable.<\/div><div>\u00a0<\/div><div>The fixed image has been built in a <a href=\"https:\/\/gitlab.com\/yaook-security\/images\/keystone\/-\/pipelines\/2556551510\">private pipeline<\/a>, which has been made public alongside this advisory to prove the image's provenance.<\/div><h2>Upgrading<\/h2><div>A new stable release will be published according to the release cycle, and hotfix releases will be produced starting now. You can upgrade to that release simply by updating your operators.<\/div><div>\u00a0<\/div><div>However, due to the severity and low attack complexity of CVE-2026-42999 in particular, we recommend that you <strong>immediately<\/strong> add a\u00a0<a title=\"https:\/\/docs.yaook.cloud\/user\/references\/env-reference.html#envvar-YAOOK_OP_VERSIONS_OVERRIDE\" href=\"https:\/\/docs.yaook.cloud\/user\/references\/env-reference.html#envvar-YAOOK_OP_VERSIONS_OVERRIDE\" target=\"_blank\" rel=\"noopener noreferrer\">YAOOK_OP_VERSIONS_OVERRIDE<\/a>\u00a0variable to your Keystone operator container so that it pulls the fixed image before the comprehensive YAOOK release is ready.<\/div><div>\u00a0<\/div><div>The best way to do this is to set the following in the values.yaml of your keystone-operator (make sure to merge it correctly with your existing values.yaml, if you have one).<\/div><pre class=\"rcx-box rcx-box--full rcx-css-1siaxf\" role=\"region\" data-code-block-wrapper=\"true\"><code class=\"code-colors language-yaml hljs\"><span class=\"hljs-attr\">operator:<\/span>\n    <span class=\"hljs-attr\">extraEnv:<\/span>\n    <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">YAOOK_OP_VERSIONS_OVERRIDE<\/span>\n      <span class=\"hljs-attr\">value:<\/span> <span class=\"hljs-string\">|\n        {\n            \"registry.yaook.cloud\/yaook\/keystone-2023.2\": \"registry.yaook.cloud\/yaook\/keystone-2023.2:3.0.87\",\n            \"registry.yaook.cloud\/yaook\/keystone-2024.1\": \"registry.yaook.cloud\/yaook\/keystone-2024.1:3.0.87\",\n            \"registry.yaook.cloud\/yaook\/keystone-2024.2\": \"registry.yaook.cloud\/yaook\/keystone-2024.2:3.0.87\",\n            \"registry.yaook.cloud\/yaook\/keystone-2025.1\": \"registry.yaook.cloud\/yaook\/keystone-2025.1:3.0.87\",\n            \"registry.yaook.cloud\/yaook\/keystone-2025.2\": \"registry.yaook.cloud\/yaook\/keystone-2025.2:3.0.87\"\n        }<\/span><\/code><\/pre><div>If you are not using Helm, you can add the same environment variable to the <code class=\"code-colors inline\">env<\/code>\u00a0section of the pod template in your keystone-operator's Deployment.<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>YAOOK Security Advisory CVE-2026-42998, CVE-2026-42999, CVE-2026-42300, CVE-2026-42301, CVE-2026-44394 Date: 2026-05-28 Upstream advisory: TBD What are CVE-2026-42998, CVE-2026-42999, CVE-2026-42300, CVE-2026-42301, CVE-2026-44394 and how do they affect YAOOK? These five CVEs in OpenStack Keystone are all post-auth privilege escalation or\u00a0scope expansion vulnerabilities. All Keystone releases supported by YAOOK are\u00a0affected. 
For details of the particular exploitation flows, please [&hellip;]<\/p>\n","protected":false},"author":8,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-5318","page","type-page","status-publish","hentry"],"acf":[],"yoast_head_json":{"title":"security-advisories\/cve-2026-42998-43001-44394 \u00bb Yaook","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/yaook.cloud\/en\/security-advisories-cve-2026-42998-43001-44394\/","og_locale":"en_GB","og_type":"article","og_title":"security-advisories\/cve-2026-42998-43001-44394 &#187; Yaook","og_description":"YAOOK Security Advisory CVE-2026-42998, CVE-2026-42999, CVE-2026-42300, CVE-2026-42301, CVE-2026-44394 Date: 2026-05-28 Upstream advisory: TBD What are CVE-2026-42998, CVE-2026-42999, CVE-2026-42300, CVE-2026-42301, CVE-2026-44394 and how do they affect YAOOK? 
These five CVEs in OpenStack Keystone are all post-auth privilege escalation or\u00a0scope expansion vulnerabilities. All Keystone releases supported by YAOOK are\u00a0affected. For details of the particular exploitation flows, please [&hellip;]","og_url":"https:\/\/yaook.cloud\/en\/security-advisories-cve-2026-42998-43001-44394\/","og_site_name":"Yaook","article_modified_time":"2026-05-28T15:26:07+00:00","twitter_card":"summary_large_image","twitter_misc":{"Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/yaook.cloud\/security-advisories-cve-2026-42998-43001-44394\/","url":"https:\/\/yaook.cloud\/security-advisories-cve-2026-42998-43001-44394\/","name":"security-advisories\/cve-2026-42998-43001-44394 \u00bb Yaook","isPartOf":{"@id":"https:\/\/yaook.cloud\/#website"},"datePublished":"2026-05-28T14:11:34+00:00","dateModified":"2026-05-28T15:26:07+00:00","breadcrumb":{"@id":"https:\/\/yaook.cloud\/security-advisories-cve-2026-42998-43001-44394\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/yaook.cloud\/security-advisories-cve-2026-42998-43001-44394\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/yaook.cloud\/security-advisories-cve-2026-42998-43001-44394\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/yaook.cloud\/"},{"@type":"ListItem","position":2,"name":"security-advisories\/cve-2026-42998-43001-44394"}]},{"@type":"WebSite","@id":"https:\/\/yaook.cloud\/#website","url":"https:\/\/yaook.cloud\/","name":"Yaook","description":"The Lifecycle Management Tool for 
OpenStack","publisher":{"@id":"https:\/\/yaook.cloud\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/yaook.cloud\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/yaook.cloud\/#organization","name":"ALASCA e.V.","alternateName":"Alasca - Verband f\u00fcr betriebsf\u00e4hige, offene Cloud-Infrastrukturen e.V.","url":"https:\/\/yaook.cloud\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/yaook.cloud\/#\/schema\/logo\/image\/","url":"https:\/\/alasca.cloud\/wp-content\/uploads\/2022\/08\/favicon.png","contentUrl":"https:\/\/alasca.cloud\/wp-content\/uploads\/2022\/08\/favicon.png","width":512,"height":512,"caption":"ALASCA e.V."},"image":{"@id":"https:\/\/yaook.cloud\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/pages\/5318","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/comments?post=5318"}],"version-history":[{"count":20,"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/pages\/5318\/revisions"}],"predecessor-version":[{"id":5345,"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/pages\/5318\/revisions\/5345"}],"wp:attachment":[{"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/media?parent=5318"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}