Executive Summary

CVE-2026-43002 is a vulnerability in OpenStack Horizon versions 25.6.0 to 25.7.2 where unauthenticated remote attackers can cause a Denial of Service (DoS) by flooding the session storage backend with unbounded session records.

The issue arises because the login view stores a "next" URL parameter in the session before authentication, which forces the backend to create new persistent session entries for each unauthenticated request.

This behavior is a regression of a previous vulnerability (CVE-2014-8124) where a code change bypassed the original mitigation.

As a result, the session storage backend (such as Memcached, Redis, or a database) can be exhausted, leading to legitimate users being logged out and unable to log back in.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to a Denial of Service (DoS) condition on the OpenStack Horizon dashboard.

• Attackers can send repeated unauthenticated requests that create excessive session entries, exhausting session storage resources.
• Exhaustion of session storage causes eviction of legitimate user sessions, which can log out users and prevent them from logging back in.
• Administrators may be locked out of the dashboard, disrupting management and operation of the OpenStack environment.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring for unusual or excessive unauthenticated requests to the OpenStack Horizon login endpoint, specifically requests to the URL pattern `/auth/login/?next=URL` which cause new session entries to be created.

Network or system administrators can look for a high volume of requests to the login URL with varying 'next' parameters from unauthenticated sources, which may indicate an attempt to exhaust session storage.

Commands to help detect this activity might include:

• Using web server logs (e.g., Apache or Nginx) to grep for repeated requests to `/auth/login/` with the 'next' parameter, for example: `grep "/auth/login/?next=" /var/log/nginx/access.log | awk '{print $1}' | sort | uniq -c | sort -nr` to identify IPs making many such requests.
• Monitoring session storage backend usage (e.g., Memcached, Redis, or database) for rapid growth in session entries or resource exhaustion.
• Using network monitoring tools or IDS/IPS to detect unusual traffic patterns targeting the Horizon login endpoint.

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade OpenStack Horizon to version 25.7.3 or later, where the vulnerability has been fixed by changing the code to store the 'next' URL parameter in a cookie instead of the session before authentication.

Until the upgrade can be applied, administrators should consider implementing network-level protections such as rate limiting or blocking repeated unauthenticated requests to the `/auth/login/` endpoint with the 'next' parameter to prevent session storage exhaustion.

Monitoring and alerting on session storage backend usage can also help detect and respond to exploitation attempts early.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability causes a denial of service by exhausting session storage, which leads to legitimate users being logged out and unable to access the OpenStack Horizon dashboard.

While the CVE description and resources do not explicitly mention compliance with standards like GDPR or HIPAA, denial of service incidents can impact availability requirements under such regulations.

Specifically, the inability of legitimate users and administrators to access the system could affect operational continuity and availability controls mandated by these standards.

However, there is no direct information provided about data confidentiality or integrity impacts, which are also critical for compliance.

Useful 0 Not Useful 0