Session Storage Vulnerability in OpenStack Horizon by OpenStack
CVE-2026-43002

5.3MEDIUM

Key Information:

Vendor: Openstack
Status: Horizon
Vendor: CVE Published:; 5 May 2026

What is CVE-2026-43002?

A vulnerability exists in OpenStack Horizon versions 25.6 and 25.7, allowing unauthenticated write operations to the session storage backend. This flaw can lead to storage exhaustion due to requests that do not require authentication, posing a risk of denial of service. The issue is considered a regression from previous fixes, specifically associated with CVE-2014-8124. It is crucial for users of OpenStack Horizon to update to version 25.7.3 or later to mitigate this risk effectively.

Affected Version(s)

Horizon 25.6.0 < 25.7.3

References

https://bugs.launchpad.net/horizon/+bug/2150331

https://www.openwall.com/lists/oss-security/2026/05/05/7

https://security.openstack.org/ossa/OSSA-2026-009.html

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 5, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43002 Data

JSON

Openstack

What is CVE-2026-43002?

Affected Version(s)

References

CVSS V3.1

Timeline