CVE-2026-34881

N/A

OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, the web-download and glance-download import methods are subject to this vulnerability, as is the optional (not enabled by default) ovf_process image import plugin.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

服务端请求伪造(SSRF)

OpenStack Glance 安全漏洞

OpenStack Glance是Mirrors of opendev.org/openstack开源的一个虚拟机镜像存储与管理服务。 OpenStack Glance 29.1.1之前版本、30.0.0至30.1.1之前版本和31.0.0版本存在安全漏洞，该漏洞源于URL验证检查可被绕过，可能导致服务端请求伪造攻击。

N/A

N/A