Description
OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability.
Published: 2026-06-17
Score: 6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw lies in the generation of OpenStack RC files in Horizon releases before 25.7.4, where a project name containing shell metacharacters can be embedded without sanitization. This may expose internal script references within the RC file, potentially leaking sensitive configuration data. Based on the supplied description, it is inferred that, in certain configurations, the unsanitized metacharacters could lead to unintended command execution, but the CVE record does not explicitly confirm such execution.

Affected Systems

All OpenStack Horizon releases prior to version 25.7.4 are affected. Users who create or modify projects with names that include shell metacharacters may be impacted.

Risk and Exploitability

The CVSS score of 6 indicates a moderate severity, while the EPSS score of less than 1% suggests a very low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote via the Horizon web interface: an attacker must have the ability to submit a crafted project name, after which the resulting RC file may reveal sensitive information or, as an inference, could enable command execution.

Generated by OpenCVE AI on June 18, 2026 at 20:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenStack Horizon to version 25.7.4 or later to remove the vulnerability.
  • If an upgrade cannot be applied immediately, enforce a policy that rejects or sanitizes project names containing shell metacharacters before they are processed by the system.
  • Implement server‑side sanitization that escapes or removes metacharacters from project names during RC script generation as a temporary measure until a permanent fix is deployed.

Generated by OpenCVE AI on June 18, 2026 at 20:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-6wrm-x65g-hr4p OpenStack Horizon RC file generation does not escape special characters in project names
History

Fri, 19 Jun 2026 12:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Title OpenStack Horizon: OpenStack Horizon: Information disclosure or integrity compromise via crafted project name with shell metacharacters
References
Metrics threat_severity

None

threat_severity

Moderate


Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Description OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability.
First Time appeared Openstack
Openstack horizon
Weaknesses CWE-78
CPEs cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*
Vendors & Products Openstack
Openstack horizon
References
Metrics cvssV3_1

{'score': 6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L'}


Subscriptions

Openstack Horizon
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-17T15:40:12.791Z

Reserved: 2026-06-17T14:12:20.286Z

Link: CVE-2026-55748

cve-icon Vulnrichment

Updated: 2026-06-17T15:40:08.717Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-17T14:12:20Z

Links: CVE-2026-55748 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T21:45:04Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')