CVE-2026-46611 Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the...

PT-2026-49093

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.5 Description Insecure deserialization occurs in glances/outdated.py because the load cache function uses pickle.load to read a version-check cache file. This file is stored at predictable, world-accessible paths...