PT-2026-29197 · Openstack+2 · Openstack Glance+3
Hyeongeun_Ji · Published 2026-03-31 · Updated 2026-04-22
CVE-2026-34881
CVSS v3.1: 5.0 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
OpenStack Glance versions prior to 29.1.1
OpenStack Glance versions 30.0.0 through 30.1.1
OpenStack Glance version 31.0.0
Description
An authenticated user can bypass URL validation checks by using HTTP redirects to reach internal services, leading to Server-Side Request Forgery (SSRF). The web-download and glance-download image import methods are affected, as is the ovf process image import plugin (when enabled).
Recommendations
Update to a version of OpenStack Glance greater than or equal to 29.1.1.
Update to a version of OpenStack Glance greater than or equal to 30.1.1.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
SSRF
Affected Products
Linuxmint
Openstack Glance
Ubuntu
Ovf Process