CVE-2026-34881
CVSS Score
5.0
EPSS Score
0.0%
EPSS Percentile
0th
OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, the web-download and glance-download import methods are subject to this vulnerability, as is the optional (not enabled by default) ovf_process image import plugin.
| CWE | CWE-918 |
| Vendor | openstack |
| Product | glance |
| Published | Mar 31, 2026 |
| Last Updated | Apr 2, 2026 |
Stay Ahead of the Next One
Get instant alerts for openstack glance
Be the first to know when new medium vulnerabilities affecting openstack glance are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
None
Affected Versions
OpenStack / Glance
0 < 29.1.1 30.0.0 < 30.1.1 31.0.0