{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-55748", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-06-17T14:12:20.286Z", "datePublished": "2026-06-17T14:12:20.715Z", "dateUpdated": "2026-06-17T15:40:12.791Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Horizon", "vendor": "OpenStack", "versions": [{"lessThan": "25.3.3", "status": "affected", "version": "8.0.0", "versionType": "semver"}, {"lessThan": "25.5.3", "status": "affected", "version": "25.4.0", "versionType": "semver"}, {"lessThan": "25.7.4", "status": "affected", "version": "25.6.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-06-17T14:12:20.715Z"}, "references": [{"url": "https://wiki.openstack.org/wiki/OSSN/OSSN-0097"}, {"url": "https://launchpad.net/bugs/2152240"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0", "versionEndExcluding": "25.3.3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "versionStartIncluding": "25.4.0", "versionEndExcluding": "25.5.3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "versionStartIncluding": "25.6.0", "versionEndExcluding": "25.7.4"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-17T15:40:00.409005Z", "id": "CVE-2026-55748", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-17T15:40:12.791Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-55748", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-17T15:40:00.409005Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-17T15:40:08.717Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OpenStack", "product": "Horizon", "versions": [{"status": "affected", "version": "8.0.0", "lessThan": "25.3.3", "versionType": "semver"}, {"status": "affected", "version": "25.4.0", "lessThan": "25.5.3", "versionType": "semver"}, {"status": "affected", "version": "25.6.0", "lessThan": "25.7.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://wiki.openstack.org/wiki/OSSN/OSSN-0097"}, {"url": "https://launchpad.net/bugs/2152240"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "25.3.3", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "25.5.3", "versionStartIncluding": "25.4.0"}, {"criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "25.7.4", "versionStartIncluding": "25.6.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-06-17T14:12:20.715Z"}}}, "cveMetadata": {"cveId": "CVE-2026-55748", "state": "PUBLISHED", "dateUpdated": "2026-06-17T15:40:12.791Z", "dateReserved": "2026-06-17T14:12:20.286Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-06-17T14:12:20.715Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{}

{"bugzilla": {"description": "OpenStack Horizon: OpenStack Horizon: Information disclosure or integrity compromise via crafted project name with shell metacharacters", "id": "2489863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489863"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L", "status": "draft"}, "cwe": "CWE-78", "details": ["A flaw was found in OpenStack Horizon. This vulnerability allows a highly privileged remote attacker, with user interaction, to craft a project name containing shell metacharacters. When scripts for OpenStack RC file downloading are produced, these metacharacters may be processed, potentially leading to information disclosure or integrity compromise. This issue is considered by some as a security hardening opportunity rather than a direct vulnerability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-55748", "package_state": [{"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Fix deferred", "package_name": "rhosp13/openstack-horizon", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Fix deferred", "package_name": "rhosp-rhel8/openstack-horizon", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Fix deferred", "package_name": "rhosp-rhel9/openstack-horizon", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Fix deferred", "package_name": "rhoso/openstack-horizon-rhel9", "product_name": "Red Hat OpenStack Platform 18.0"}], "public_date": "2026-06-17T14:12:20Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-55748\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-55748\nhttps://launchpad.net/bugs/2152240\nhttps://wiki.openstack.org/wiki/OSSN/OSSN-0097"], "statement": "This Moderate impact flaw in OpenStack Horizon on Red Hat OpenStack Platform allows a highly privileged remote attacker to potentially achieve information disclosure or integrity compromise. Exploitation requires user interaction and the ability to craft project names with shell metacharacters, which are then processed during the generation of OpenStack RC files. The specific conditions and high privileges required limit the overall risk.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[8.0.0,25.3.3)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[25.4.0,25.5.3)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[25.6.0,25.7.4)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Horizon", "source": "cna", "vendor": "OpenStack"}, "product": "horizon", "vendor": "openstack"}], "created": "2026-06-18T20:45:03.338786+00:00", "updated": "2026-06-18T21:45:04.768019+00:00", "vendors": ["openstack", "openstack$PRODUCT$horizon"]}