PatchSiren

CVE-2026-34881 OpenStack CVE debrief

CVE-2026-34881 is a Server-Side Request Forgery (SSRF) vulnerability in OpenStack Glance. An authenticated user can bypass URL validation checks using HTTP redirects, potentially accessing internal services. This issue affects the glance image import functionality, specifically the web-download and glance-download import methods, as well as the optional ovf_process image import plugin. The vulnerability has a CVSS score of 5 and a severity rating of MEDIUM. OpenStack has released patches for this issue, which are available in versions 29.1.1, 30.1.1, and 31.0.0.

Vendor: OpenStack
Product: Glance
CVSS: MEDIUM 5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-31
Original CVE updated: 2026-06-30
Advisory published: 2026-03-31
Advisory updated: 2026-06-30

Who should care

Administrators and users of OpenStack Glance should be aware of this vulnerability and take steps to mitigate it. This includes applying the available patches and ensuring that only authorized users have access to the glance image import functionality. Additionally, users should monitor their systems for any suspicious activity related to this vulnerability.

Technical summary

CVE-2026-34881 is caused by a lack of proper URL validation in OpenStack Glance. An authenticated user can use HTTP redirects to bypass the URL validation checks and reach internal services. The vulnerability affects the glance image import functionality (the web-download and glance-download import methods and the optional ovf_process plugin) and has a CVSS score of 5. OpenStack has released patches for this issue, which are available in versions 29.1.1, 30.1.1, and 31.0.0.
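The redirect bypass described above is closed when every hop of a redirect chain is validated, not only the URL the user submitted. The following is an added illustration, not Glance's code or its patch; all names (`check_url`, `fetch_checked`, the `resolve` and `request` callables) and the sample hosts and addresses are constructed for the example.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

MAX_REDIRECTS = 5
REDIRECT_CODES = (301, 302, 303, 307, 308)

class BlockedURL(Exception):
    """Raised when any hop in the chain fails validation."""

def check_url(url, resolve):
    """Validate one hop: scheme, host, and every address the host resolves to."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise BlockedURL(f"bad scheme or host: {url}")
    for addr in resolve(parts.hostname):
        if not ipaddress.ip_address(addr).is_global:
            raise BlockedURL(f"{url} resolves to non-public address {addr}")

def fetch_checked(url, resolve, request):
    """Follow redirects by hand; request(url) must not follow them itself."""
    for _ in range(MAX_REDIRECTS + 1):
        check_url(url, resolve)              # re-validate on every hop
        status, location = request(url)
        if status not in REDIRECT_CODES:
            return url                       # final URL that served content
        if not location:
            raise BlockedURL("redirect without Location header")
        url = urljoin(url, location)         # Location may be relative
    raise BlockedURL("too many redirects")

# Constructed sample data: one benign chain, one that redirects inward.
DNS = {"images.example.com": ["93.184.216.34"], "mirror.example.com": ["93.184.216.34"]}
HOPS = {
    "http://images.example.com/ok.qcow2": (302, "http://mirror.example.com/ok.qcow2"),
    "http://mirror.example.com/ok.qcow2": (200, None),
    "http://images.example.com/bad.qcow2": (302, "http://10.0.0.5/internal"),
}

def demo_resolve(host):
    try:
        return [str(ipaddress.ip_address(host))]   # host is an IP literal
    except ValueError:
        return DNS[host]                           # stand-in for a DNS lookup

def demo_request(url):
    return HOPS[url]                               # stand-in for an HTTP client
```

In a real client the connection must also be made to the address that was validated, otherwise a second DNS lookup can return a different answer than the one that was checked.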

Defensive priority

This vulnerability has a medium severity rating and should be prioritized for patching. Administrators should apply the available patches as soon as possible to prevent exploitation.

Recommended defensive actions

  • Upgrade OpenStack Glance to a patched version: 29.1.1, 30.1.1, or 31.0.0.
  • Ensure that only authorized users have access to the glance image import functionality.
  • Monitor systems for any suspicious activity related to this vulnerability.
  • Review and update access controls for glance image import functionality.
  • Consider implementing additional security measures, such as Web Application Firewalls (WAFs), to detect and prevent SSRF attacks.

Evidence notes

The CVE-2026-34881 vulnerability was reported by an unknown source and has a CVSS score of 5. The vulnerability affects OpenStack Glance versions before 29.1.1, 30.1.1, and 31.0.0. OpenStack has released patches for this issue, which are available in those versions.

This article is AI-assisted and based on the supplied source corpus.