PT-2026-37090 · Openstack · Openstack Horizon

Erichen · Published 2026-05-05 · Updated 2026-05-06 · CVE-2026-43002

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

OpenStack Horizon versions 25.6 through 25.7.2
OpenStack Horizon versions 25.7 through 25.7.2

Description

A write operation occurs in the session storage backend before authentication, allowing unauthenticated requests to exhaust the storage. Specifically, the login view stores a post-login redirect URL in the server-side session before the user is authenticated, which can be exploited to cause a session flood.

Recommendations

Update to version 25.7.3.

Related Identifiers

CVE-2026-43002
GHSA-VXVF-XVM3-P8J5

Affected Products

Openstack Horizon