CVE-2026-43002

Published: Mag 05, 2026 Last Modified: Mag 05, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: low

Description

AI Translation Available

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix.

696

Incorrect Behavior Order

Incomplete
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity
Potential Impacts:
Alter Execution Logic
Applicable Platforms
Technologies: Not Technology-Specific, Web Based
View CWE Details
https://bugs.launchpad.net/horizon/+bug/2150331
https://bugs.launchpad.net/horizon/+bug/2150331
https://bugs.launchpad.net/horizon/+bug/2150331
https://bugs.launchpad.net/horizon/+bug/2150331
https://www.openwall.com/lists/oss-security/2026/05/05/7
https://www.openwall.com/lists/oss-security/2026/05/05/7