Permalink
CVE-2026-55748
6.0 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): High (H)
- User Interaction (UI): Required (R)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): Low (L)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): High (H)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): Low (L)
Activity log
- Created suggestion
OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file …
OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability.
Affected products
Horizon
- <25.7.4
- <25.5.3
- <25.3.3
Matching in nixpkgs
pkgs.horizon-eda
Free EDA software to develop printed circuit boards
pkgs.omnissa-horizon-client
Allows you to connect to your Omnissa Horizon virtual desktop
pkgs.python312Packages.horizon-eda
None
pkgs.python313Packages.horizon-eda
Free EDA software to develop printed circuit boards
pkgs.python314Packages.horizon-eda
Free EDA software to develop printed circuit boards
pkgs.azure-cli-extensions.horizondb
None
pkgs.haskellPackages.horizontal-rule
horizontal rule for the terminal
pkgs.haskellPackages.jpl-horizons-api
Ephemerides for solar system objects from the JPL Horizons service
pkgs.gnomeExtensions.status-area-horizontal-spacing
Reduce the horizontal spacing between icons in the top-right status area
Package maintainers
-
@honnip Jung seungwoo <me@honnip.page>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@guserav guserav
-
@mhutter Manuel Hutter <manuel@hutter.io>