Medium severity5.3NVD Advisory· Published May 5, 2026· Updated May 7, 2026

CVE-2026-43002

Description

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
horizonPyPI	>= 25.6, < 25.7.3	25.7.3

Affected products

OpenStack/Horizoninferred
Range: >=25.6, <25.7.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-vxvf-xvm3-p8j5ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2026-43002ghsaADVISORY
bugs.launchpad.net/horizon/+bug/2150331nvdWEB
security.openstack.org/ossa/OSSA-2026-009.htmlnvdWEB
www.openwall.com/lists/oss-security/2026/05/05/7nvdWEB

News mentions

AI cyber capability is speeding past earlier projections
Help Net Security · May 14, 2026
AI models are getting better at replacing cybersecurity pros on certain tasks
The Register Security · May 14, 2026
Why the approaching flood of vulnerabilities changes everything — and what to do about it
Tenable Blog · May 8, 2026

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000