PYSEC-2026-2520

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/horizon/PYSEC-2026-2520.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-2520
Aliases
Published
2026-07-13T15:15:37.289488Z
Modified
2026-07-13T16:31:57.272245536Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
OpenStack Horizon has Incorrect Behavior Order
Details

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix.

References

Affected packages

PyPI / horizon

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
25.6
Fixed
25.7.3

Affected versions

25.*
25.6.0
25.7.0
25.7.1
25.7.2

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/horizon/PYSEC-2026-2520.yaml"