OpenStack Glance SSRF flaw could expose internal networks via image import and download paths
Published Mar 19, 2026, 5:51 PM UTC
TLDR
An Ubuntu security notice confirms an SSRF-class vulnerability in OpenStack Glance’s remote image import/download validation that could let attackers pivot to internal resources; prioritize patching affected Glance packages on supported Ubuntu releases and review image import policies now.
Why this matters
Risk concentration for OpenStack operators: Because Glance mediates image import and download workflows, flawed validation of remote sources and redirects could be abused to reach internal endpoints (metadata, control-plane, or tenant services) via SSRF, increasing blast radius in multi-tenant clouds (inference from G…
What changed
- Ubuntu published USN-8111-1 detailing incorrect validation in OpenStack Glance for IP address checks and redirect destination URLs when downloading or importing images from remote sources, enabling potential SSRF and leakage of sensitive information.
- No corroborating advisories from other vendors are included in the current source set, but the USN is an official, primary disclosure with patch availability cues for Ubuntu-packaged Glance.
- Geopolitical news items surfaced concurrently but are unrelated to enterprise/critical-infrastructure cyber risk and provide no technical vulnerability detail.
Summary
Ubuntu’s USN-8111-1 discloses incorrect validation of IP addresses and redirect destinations in OpenStack Glance’s remote image import and download logic, enabling potential server-side request forgery that could expose sensitive internal services. This presents near-term risk for OpenStack operators relying on remote image sources and redirects, and warrants expedited updates and policy review.
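The two checks the notice names, destination IP validation and redirect destination validation, sketched as an added Python example; this is not Glance's code or the Ubuntu patch. The function names, the `fetch` transport callable and the sample hosts are hypothetical and constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

# Constructed sample data (not from the advisory): fake DNS answers and a fake origin.
SAMPLE_DNS = {"images.example.org": {"93.184.216.34"},
              "meta.example.org": {"::ffff:169.254.169.254"}}
SAMPLE_SITE = {
    "http://images.example.org/ok.img": (200, None, b"image"),
    "http://images.example.org/moved": (302, "http://meta.example.org/latest/", b"")}

def resolve(host):
    """Default resolver: every address the host name maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def ip_is_public(text):
    ip = ipaddress.ip_address(text)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so the IPv4 rules apply.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global  # False for loopback, private, link-local, reserved

def check_url(url, resolver=resolve):
    """Return the URL if every address behind it is public, else raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"scheme or host not allowed: {url!r}")
    addrs = resolver(parts.hostname)
    if not addrs or not all(ip_is_public(a) for a in addrs):
        raise ValueError(f"destination is not a public address: {url!r}")
    return url

def fetch_with_checked_redirects(url, fetch, resolver=resolve, max_hops=5):
    """Follow redirects by hand, validating each hop before it is requested.

    `fetch(url)` is a hypothetical transport returning (status, location, body);
    it must not follow redirects on its own.
    """
    for _ in range(max_hops + 1):
        check_url(url, resolver)
        status, location, body = fetch(url)
        if status not in (301, 302, 303, 307, 308) or not location:
            return url, body
        url = urljoin(url, location)  # relative Location headers are legal
    raise ValueError("too many redirects")
```

A production fetcher must also connect to the address that was validated, since a second DNS lookup at connect time can return a different answer than the one that passed the check.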