CVE-2026-34881 in Glanceinfo

Summary

OpenStack Glance =30.0.0 <30.1.1, ==31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, the web-download and glance-download import methods are subject to this vulnerability, as is the optional (not enabled by default) ovf_process image import plugin.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Responsible

MITRE

Reservation

03/31/2026

Disclosure

03/31/2026

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
354322OpenStack Glance ovf_process Image Import Plugin server-side request forgery918Not definedOfficial fixCVE-2026-34881

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!