CVE-2026-43002

Summary

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix.

Affected Software

VendorProductVersion RangeStatus
OpenStackHorizon25.6.0 < 25.7.3affected

Weaknesses

  • CWE-696: CWE-696 Incorrect Behavior Order

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References