Main Vulnerability Database SB2026042831

SB2026042831 - SSRF in Openstack Glance

Published: April 28, 2026

Security Bulletin ID SB2026042831

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2026-34881)

The vulnerability allows a remote user to access internal services.

The vulnerability exists due to improper input validation in the web-download import method when following HTTP redirects. A remote user can provide a URL that passes validation and redirects to an internal or disallowed resource to access internal services.

Only the glance image import functionality is affected.

Remediation

Install update from vendor's website.

References

https://security.openstack.org/ossa/OSSA-2026-004.html
https://launchpad.net/bugs/2138602