PYSEC-2026-656

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/keystone/PYSEC-2026-656.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-656
Aliases
Published
2026-07-02T14:13:21.847931Z
Modified
2026-07-06T08:00:47.569957176Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
OpenStack Keystone and other components vulnerable to Improper Certificate Validation
Details

HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.

References

Affected packages

PyPI / keystone

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.0a0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/keystone/PYSEC-2026-656.yaml"