CVE-2026-34881

Name: CVE-2026-34881
Description: OpenStack Glance <29.1.1, >=30.0.0 <30.1.1, ==31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only Glance image import functionality is affected. In particular, the web-download and glance-download import methods are subject to this vulnerability, as is the optional (not enabled by default) ovf_process image import plugin.
Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1131274

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package | Release                       | Version              | Status
glance (PTS)   | bullseye                      | 2:21.0.0-2+deb11u1   | vulnerable
glance (PTS)   | bullseye (security)           | 2:21.1.0-1+deb11u2   | vulnerable
glance (PTS)   | bookworm, bookworm (security) | 2:25.1.0-2+deb12u1   | vulnerable
glance (PTS)   | trixie                        | 2:30.0.0-3           | vulnerable
glance (PTS)   | forky, sid                    | 2:32.0.0~rc2-2       | fixed

The information below is based on the following data on fixed versions.

Package | Type   | Release    | Fixed Version | Urgency | Origin | Debian Bugs
glance  | source | (unstable) | 2:31.0.0-3    |         |        | 1131274

Notes

[trixie] - glance <no-dsa> (Minor issue)
[bookworm] - glance <no-dsa> (Minor issue)
[bullseye] - glance <postponed> (Minor issue, potential infoleak)
https://www.openwall.com/lists/oss-security/2026/03/19/3
https://bugs.launchpad.net/glance/+bug/2138602
https://security.openstack.org/ossa/OSSA-2026-004.html
