=====================================================================
                            CERT-Renater

                  Information Note No. 2026/VULN672
_____________________________________________________________________

DATE                 : 25/06/2026

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running OpenStack Swift versions prior
                       to 2.35.3, 2.36.2, 2.37.2.

=====================================================================
https://security.openstack.org/ossa/OSSA-2026-024.html
_____________________________________________________________________

OSSA-2026-024: Swift proxy-server SSRF via header injection

Date: June 23, 2026
CVE: CVE-2026-50221

Affects

  Swift: >=2.0.0 <2.35.3, >=2.36.0 <2.36.2, >=2.37.0 <2.37.2

Description

  Tim Shephard from roiai.ca reported a server-side request forgery
  (SSRF) vulnerability in Swift's proxy-server. An authenticated user
  can cause Swift object servers to issue outbound HTTP requests to
  attacker-specified hosts, potentially exposing internal
  infrastructure details. All deployments running Swift 2.0.0 or
  later are affected.

Patches

  https://review.opendev.org/994452 (2025.1/epoxy)
  https://review.opendev.org/994451 (2025.2/flamingo)
  https://review.opendev.org/994450 (2026.1/gazpacho)
  https://review.opendev.org/994449 (2026.2/hibiscus (development))

Credits

  Tim Shephard from roiai.ca (CVE-2026-50221)

References

  https://launchpad.net/bugs/2150261
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50221

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |  email:cert@support.renater.fr  +
=========================================================
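
The "Affects" ranges above, applied as an inventory check. This is an added example, not code from the advisory or the Swift project; the host names and versions are constructed, and ordering dev/rc builds before the release they precede is an assumption.

```python
import re

# (first affected release, first fixed release) per series, copied from
# the "Affects" line of OSSA-2026-024.
AFFECTED_RANGES = [
    ((2, 0, 0), (2, 35, 3)),
    ((2, 36, 0), (2, 36, 2)),
    ((2, 37, 0), (2, 37, 2)),
]

def sort_key(version_text):
    """Turn '2.36.1' or '2.35.3.dev5' into a comparable 4-tuple.

    The last element is 0 for dev/rc/alpha/beta builds and 1 for final
    releases, so a pre-release sorts before the release it precedes
    (assumption: PEP 440 style ordering).
    """
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?(.*)", version_text)
    if not m:
        raise ValueError(f"unrecognised version string: {version_text!r}")
    major, minor, patch = (int(g) if g else 0 for g in m.groups()[:3])
    is_pre = re.search(r"(dev|rc|a|b)\d", m.group(4), re.I) is not None
    return (major, minor, patch, 0 if is_pre else 1)

def is_affected(version_text):
    """True if the version falls inside one of the advisory's ranges.

    A single '< 2.37.2' comparison would wrongly flag the fixed
    releases 2.35.3 and 2.36.2, so each series is checked on its own.
    """
    key = sort_key(version_text)
    return any(low + (1,) <= key < fixed + (1,)
               for low, fixed in AFFECTED_RANGES)

def triage(inventory):
    """Return the sorted host names whose Swift version needs the patch."""
    return sorted(h for h, ver in inventory.items() if is_affected(ver))

# Constructed inventory: host names and versions are illustrative only.
SAMPLE_INVENTORY = {
    "proxy-01": "2.35.2",       # affected, fixed in 2.35.3
    "proxy-02": "2.35.3",       # fixed
    "proxy-03": "2.36.1",       # affected, fixed in 2.36.2
    "proxy-04": "2.37.2",       # fixed
    "proxy-05": "2.35.3.dev5",  # pre-release of the fixed version
}

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Distribution packages can carry backported fixes under an unchanged upstream version number, so a host flagged here may still need its package changelog checked.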