PYSEC-2026-816

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/glance/PYSEC-2026-816.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-816
Aliases
Published
2026-07-06T08:03:25.683815Z
Modified
2026-07-07T11:45:37.141807055Z
Severity
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions
Details

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.

References

Affected packages

PyPI / glance

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2011.2
Fixed
2014.2.4
Introduced
2015.1.0
Fixed
2015.1.2

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/glance/PYSEC-2026-816.yaml"