PYSEC-2026-814

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/glance/PYSEC-2026-814.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-814
Aliases
Published
2026-07-06T08:03:24.990051Z
Modified
2026-07-07T11:45:46.379783806Z
Severity
  • 5.8 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS Calculator
Summary
OpenStack Glance Server-Side Request Forgery (SSRF)
Details

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.

References

Affected packages

PyPI / glance

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
11.0.0a0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/glance/PYSEC-2026-814.yaml"