Skip to main content

OpenStack Horizon CVE-2026-43002

| EUVDEUVD-2026-27406 MEDIUM
Incorrect Behavior Order (CWE-696)
2026-05-05 mitre GHSA-vxvf-xvm3-p8j5
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

2
Patch available
May 05, 2026 - 18:02 EUVD
Analysis Generated
May 05, 2026 - 17:30 vuln.today

DescriptionCVE.org

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix.

AnalysisAI

OpenStack Horizon 25.6 and 25.7 before 25.7.3 allows unauthenticated remote attackers to exhaust session storage backend resources through repeated requests that trigger write operations prior to authentication, causing denial of service. This is a regression of CVE-2014-8124 and is assigned CVSS 5.3 (network-based, low complexity, no authentication required).

Technical ContextAI

OpenStack Horizon is the web-based management dashboard for OpenStack cloud infrastructure. The vulnerability stems from a session management flaw (CWE-696: Incorrect Behavior Order) where the application writes session data to the backend storage layer before validating user credentials. Session storage backends (typically Redis, Memcached, or database) have finite capacity; an attacker can craft rapid unauthenticated requests that each create a session entry, exhausting available storage space and rendering the dashboard unavailable to legitimate users. This reintroduces a design flaw previously patched in CVE-2014-8124, indicating a regression in code that was later modified.

RemediationAI

Upgrade OpenStack Horizon to version 25.7.3 or later immediately. For Horizon 25.6 users, upgrade to the next stable release series (26.0 or later when available). If immediate patching is not feasible, implement rate limiting at the reverse proxy or load balancer layer (e.g., nginx rate_limit, HAProxy stick-table) to restrict unauthenticated requests per IP address to a low threshold (e.g., 10 requests per 10 seconds), and monitor session storage backend usage for rapid growth indicating ongoing attacks. Additionally, configure session backend storage with appropriate size limits and eviction policies (LRU or TTL-based) to prevent complete exhaustion. These mitigations reduce but do not eliminate risk; patching is strongly recommended.

CVE-2023-40315 HIGH POC
8.0 Aug 17

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLE_FIL

CVE-2023-0872 HIGH POC
8.0 Aug 14

The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple pl

CVE-2021-25931 HIGH POC
8.8 May 20

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation

CVE-2012-2144 MEDIUM POC
6.8 Jun 05

Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack we

CVE-2012-3540 MEDIUM POC
5.8 Sep 05

Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attacke

CVE-2020-29565 MEDIUM POC
6.1 Dec 04

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and

CVE-2021-25935 MEDIUM POC
5.4 May 25

In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2

CVE-2021-25934 MEDIUM POC
5.4 May 25

In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2

CVE-2012-3426 MEDIUM POC
4.9 Jul 31

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly i

CVE-2023-40313 HIGH
8.8 Aug 17

A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridi

CVE-2021-25933 MEDIUM POC
4.8 May 20

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation

CVE-2021-25929 MEDIUM POC
4.8 May 20

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation

Share

CVE-2026-43002 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy