{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2026-34881", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-03-31T05:29:07.975Z", "datePublished": "2026-03-31T05:29:08.449Z", "dateUpdated": "2026-04-02T18:20:21.022Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Glance", "vendor": "OpenStack", "versions": [{"lessThan": "29.1.1", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "30.1.1", "status": "affected", "version": "30.0.0", "versionType": "semver"}, {"status": "affected", "version": "31.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, the web-download and glance-download import methods are subject to this vulnerability, as is the optional (not enabled by default) ovf_process image import plugin."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-02T18:20:21.022Z"}, "references": [{"url": "https://bugs.launchpad.net/glance/+bug/2138602"}, {"url": "https://security.openstack.org/ossa/OSSA-2026-004.html"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*", "versionEndExcluding": "29.1.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*", "versionStartIncluding": "30.0.0", "versionEndExcluding": "30.1.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*", "versionStartIncluding": "31.0.0", "versionEndIncluding": "31.0.0"}]}]}]}, "adp": [{"references": [{"url": "https://bugs.launchpad.net/glance/+bug/2138602", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T13:47:30.640583Z", "id": "CVE-2026-34881", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T13:47:36.130Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34881", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-31T13:47:30.640583Z"}}}], "references": [{"url": "https://bugs.launchpad.net/glance/+bug/2138602", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T13:47:25.950Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OpenStack", "product": "Glance", "versions": [{"status": "affected", "version": "0", "lessThan": "29.1.1", "versionType": "semver"}, {"status": "affected", "version": "30.0.0", "lessThan": "30.1.1", "versionType": "semver"}, {"status": "affected", "version": "31.0.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://bugs.launchpad.net/glance/+bug/2138602"}, {"url": "https://security.openstack.org/ossa/OSSA-2026-004.html"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "OpenStack Glance <29.1.1, >=30.0.0 <30.1.1, ==31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, the web-download and glance-download import methods are subject to this vulnerability, as is the optional (not enabled by default) ovf_process image import plugin."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "29.1.1"}, {"criteria": "cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "30.1.1", "versionStartIncluding": "30.0.0"}, {"criteria": "cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "31.0.0", "versionStartIncluding": "31.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-02T17:46:00.290Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34881", "state": "PUBLISHED", "dateUpdated": "2026-04-02T17:46:00.290Z", "dateReserved": "2026-03-31T05:29:07.975Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-31T05:29:08.449Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, the web-download and glance-download import methods are subject to this vulnerability, as is the optional (not enabled by default) ovf_process image import plugin."}, {"lang": "es", "value": "OpenStack Glance &lt;29.1.1, &gt;=30.0.0 &lt;30.1.1, ==31.0.0 se ve afectado por Falsificaci\u00f3n de Petici\u00f3n del Lado del Servidor (SSRF). Mediante el uso de redirecciones HTTP, un usuario autenticado puede eludir las comprobaciones de validaci\u00f3n de URL y redirigir a servicios internos. Solo la funcionalidad de importaci\u00f3n de im\u00e1genes de Glance se ve afectada. En particular, los m\u00e9todos de importaci\u00f3n web-download y glance-download est\u00e1n sujetos a esta vulnerabilidad, al igual que el plugin de importaci\u00f3n de im\u00e1genes ovf_process opcional (no habilitado por defecto)."}], "id": "CVE-2026-34881", "lastModified": "2026-04-02T19:21:35.123", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2026-03-31T06:16:01.130", "references": [{"source": "cve@mitre.org", "url": "https://bugs.launchpad.net/glance/+bug/2138602"}, {"source": "cve@mitre.org", "url": "https://security.openstack.org/ossa/OSSA-2026-004.html"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://bugs.launchpad.net/glance/+bug/2138602"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{"bugzilla": {"description": "OpenStack Glance: OpenStack Glance: Server-Side Request Forgery via HTTP redirects in image import", "id": "2453289", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453289"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-918", "details": ["OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, the web-download and glance-download import methods are subject to this vulnerability, as is the optional (not enabled by default) ovf_process image import plugin.", "A flaw was found in OpenStack Glance. An authenticated user can exploit this Server-Side Request Forgery (SSRF) vulnerability by using HTTP redirects to bypass URL validation checks. This allows the user to redirect to internal services. The vulnerability specifically affects the glance image import functionality, including the web-download and glance-download import methods, and the optional ovf_process image import plugin."], "name": "CVE-2026-34881", "package_state": [{"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Not affected", "package_name": "redhat-user-workloads/openstack-glance-api", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Not affected", "package_name": "redhat-user-workloads/openstack-glance-base", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Fix deferred", "package_name": "openstack-glance", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/openstack-glance-api", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Fix deferred", "package_name": "openstack-glance", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/openstack-glance-api", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Fix deferred", "package_name": "openstack-glance", "product_name": "Red Hat OpenStack Platform 18.0"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/openstack-glance-api", "product_name": "Red Hat OpenStack Platform 18.0"}], "public_date": "2026-03-31T05:29:08Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-34881\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-34881\nhttps://bugs.launchpad.net/glance/+bug/2138602\nhttps://security.openstack.org/ossa/OSSA-2026-004.html"], "threat_severity": "Moderate"}