Main Vulnerability Database SB2026042838

SB2026042838 - Ubuntu update for glance

Published: April 28, 2026

Security Bulletin ID SB2026042838

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2024-32498)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to insufficient validation of file paths inside a QCOW2 image. A remote user can supply a specially crafted QCOW2 image that references a specific data file path and view the contents of the file.

2) Input validation error (CVE-ID: CVE-2026-34881)

The vulnerability allows a remote user to access internal services.

The vulnerability exists due to improper input validation in the web-download import method when following HTTP redirects. A remote user can provide a URL that passes validation and redirects to an internal or disallowed resource to access internal services.

Only the glance image import functionality is affected.

Remediation

Install update from vendor's website.

References

https://ubuntu.com/security/notices/USN-8199-1