CVE-2026-50221
OpenStack Swift: Server-Side Request Forgery via Internal Header Injection
Description
In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers (X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device) from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to redirect container update requests to an attacker-controlled server, enabling server-side request forgery (SSRF). The forged requests expose internal cluster metadata, including storage policy indexes, partition mappings and device names, and, when at-rest encryption is enabled, the ciphertext and initialization vectors of the container-level encryption key. The attacker can also cause "ghost listings" in arbitrary containers via the shard-range redirect mechanism.
INFO
Published Date: June 23, 2026, 5:03 p.m.
Last Modified: June 23, 2026, 5:03 p.m.
Remotely Exploitable: Yes
Source: mitre
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| | CVSS 4.0 | MEDIUM | | | | 8254265b-2729-46b6-b9e3-3dfca2d5bfca |
Solution
- Update OpenStack Swift proxy-server to version 2.37.2 or later.
- Ensure internal update headers are properly stripped.
- Restrict write access for authenticated users.
- Monitor for unauthorized container update requests.
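The header-stripping mitigation from the solution list, as an added example that is not Swift project code: a WSGI filter, assumed to sit in front of the proxy-server application in its pipeline, that removes the four client-supplied internal update headers named in the description and logs each attempt, so the same filter doubles as a detection signal. The class and function names are this example's own.

```python
import logging

# Internal container/expirer update headers named in the CVE description.
# A client never has a legitimate reason to send them to the proxy.
INTERNAL_UPDATE_HEADERS = (
    "X-Container-Host",
    "X-Container-Device",
    "X-Delete-At-Host",
    "X-Delete-At-Device",
)


def wsgi_key(header_name):
    """Map an HTTP header name to its WSGI environ key, e.g. HTTP_X_CONTAINER_HOST."""
    return "HTTP_" + header_name.upper().replace("-", "_")


def strip_internal_headers(environ):
    """Drop internal update headers from a WSGI environ in place.

    Returns the names of the headers that were present so the caller can log
    the attempt; any hit is a detection signal, since clients never set them.
    """
    removed = []
    for name in INTERNAL_UPDATE_HEADERS:
        key = wsgi_key(name)
        if key in environ:
            del environ[key]
            removed.append(name)
    return removed


class StripInternalHeaders:
    """WSGI filter (hypothetical name): strips the headers, logs a warning per hit,
    then hands the cleaned request to the wrapped application."""

    def __init__(self, app, logger=None):
        self.app = app
        self.log = logger or logging.getLogger("strip_internal_headers")

    def __call__(self, environ, start_response):
        removed = strip_internal_headers(environ)
        if removed:
            self.log.warning(
                "dropped client-supplied %s on %s %s from %s",
                ", ".join(removed),
                environ.get("REQUEST_METHOD", "?"),
                environ.get("PATH_INFO", "?"),
                environ.get("REMOTE_ADDR", "?"),
            )
        return self.app(environ, start_response)
```

The warning line gives a monitoring rule a concrete event to alert on: on a patched cluster legitimate clients never trigger it, so every hit is worth investigating.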