Description
An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix.
Published: 2026-05-05
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenStack Horizon versions 25.6 and 25.7 before 25.7.3 allow unauthenticated parties to write to the session storage backend. Because this regresses a prior fix, the storage can be deliberately filled until the backend is exhausted, disrupting normal service operation. The weakness is that the write to the session backend happens before the authentication state is validated, classified as CWE-696.

Affected Systems

Vulnerable installations of the OpenStack Horizon web dashboard running version 25.6 and any 25.7 releases earlier than 25.7.3 are impacted. Systems using these Horizon versions should verify their deployed releases and consider upgrading to the patched 25.7.3 release or later.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. Exploitation requires only network access to the Horizon service and no credentials, so any unauthenticated client can trigger it. No EPSS data is available, and the absence of a KEV listing suggests the vulnerability has not yet been widely exploited in the wild. Nevertheless, exhausting session storage could degrade availability and negatively affect user experience.

Generated by OpenCVE AI on May 5, 2026 at 18:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Horizon to version 25.7.3 or later, which removes the unauthenticated write path
  • If an immediate upgrade is not possible, temporarily limit the size or rate of session storage writes, either at the transport layer or through configuration parameters that limit session persistence
  • Continuously monitor session storage usage for abnormal write patterns or rapid exhaustion, and enforce application-level rate limiting on session write requests

Generated by OpenCVE AI on May 5, 2026 at 18:52 UTC.
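The following is an added example, not Horizon's code and not part of the OpenCVE record: a toy in-memory session backend with two login handlers. The "vulnerable" handler persists a session record before checking credentials, so anonymous traffic consumes backend slots until the store is exhausted; the "hardened" handler defers the write until authentication succeeds, and a per-client creation budget stands in for the application-level rate limiting suggested in the recommended actions. The store, credentials, handler names and traffic are all constructed for this illustration and do not model Django's real session machinery.

```python
"""Pre-authentication session write vs. deferred write (constructed example)."""
from collections import defaultdict
from dataclasses import dataclass, field
import secrets


class SessionStoreFull(Exception):
    """Raised when the backend has no room for another session record."""


@dataclass
class SessionStore:
    """Toy session backend with a fixed number of slots (constructed)."""
    capacity: int
    records: dict = field(default_factory=dict)

    def save(self, data: dict) -> str:
        if len(self.records) >= self.capacity:
            raise SessionStoreFull("session backend exhausted")
        key = secrets.token_hex(8)
        self.records[key] = dict(data)
        return key


VALID_USERS = {"alice": "correct-horse"}  # constructed credentials


def vulnerable_login(store, username, password):
    # Writes to the backend before the credentials are checked: every
    # anonymous attempt consumes a slot whether or not it authenticates.
    key = store.save({"stage": "pre-auth", "csrf": secrets.token_hex(4)})
    if VALID_USERS.get(username) == password:
        store.records[key]["user"] = username
        return key
    return None


class CreationBudget:
    """Per-client cap on new sessions, a simple stand-in for rate limiting."""

    def __init__(self, limit):
        self.limit = limit
        self.count = defaultdict(int)

    def allow(self, client):
        self.count[client] += 1
        return self.count[client] <= self.limit


def hardened_login(store, username, password, budget=None, client=""):
    # Check credentials first; only a successful login creates a record,
    # and even then only within the client's creation budget.
    if VALID_USERS.get(username) != password:
        return None
    if budget is not None and not budget.allow(client):
        return None
    return store.save({"user": username})


def simulate(handler, attempts, capacity=50, **kw):
    """Send `attempts` bad-credential requests, then one valid login.

    Returns (records consumed by anonymous traffic, whether the real login
    succeeded afterwards)."""
    store = SessionStore(capacity=capacity)
    for _ in range(attempts):
        try:
            handler(store, "nobody", "wrong", **kw)
        except SessionStoreFull:
            break
    anonymous_records = len(store.records)
    try:
        ok = handler(store, "alice", "correct-horse", **kw) is not None
    except SessionStoreFull:
        ok = False
    return anonymous_records, ok


if __name__ == "__main__":
    print("vulnerable:", simulate(vulnerable_login, 100))
    print("hardened:  ", simulate(hardened_login, 100))
```

With a 50-slot store, 100 anonymous failed logins fill the backend under the vulnerable handler and the legitimate login that follows fails; under the hardened handler no record is written until authentication succeeds, so the same traffic leaves the store empty.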

Advisories

No advisories yet.

History

Tue, 05 May 2026 19:15:00 +0000

  Type   | Values removed | Values added
  Title  | (none)         | OpenStack Horizon Session Storage Exhaustion Vulnerability

Tue, 05 May 2026 18:15:00 +0000

  Type          | Values removed | Values added
  Metrics ssvc  | (none)         | {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 05 May 2026 17:00:00 +0000

  Type                 | Values removed | Values added
  Description          | (none)         | An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix.
  First Time appeared  | (none)         | Openstack; Openstack horizon
  Weaknesses           | (none)         | CWE-696
  CPEs                 | (none)         | cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*
  Vendors & Products   | (none)         | Openstack; Openstack horizon
  References           | (none)         | (none)
  Metrics cvssV3_1     | (none)         | {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}



MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-05T17:26:59.504Z

Reserved: 2026-05-01T00:00:00.000Z

Link: CVE-2026-43002

Vulnrichment

Updated: 2026-05-05T17:26:49.397Z

NVD

Status : Received

Published: 2026-05-05T17:17:04.920

Modified: 2026-05-05T18:16:02.737

Link: CVE-2026-43002

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-05T19:00:12Z

Weaknesses