17 matches found
SQL Injection
Overview: Glances is a cross-platform curses-based monitoring tool. Affected versions of this package are vulnerable to SQL Injection via unsanitized configuration values in the Cassandra export module. An attacker can redirect monitoring data to an unauthorized Cassandra keyspace and exfiltrate...
Permissive Cross-domain Policy with Untrusted Domains
Overview: Glances is a cross-platform curses-based monitoring tool. Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via the REST API when a permissive CORS policy is configured, allowing unauthenticated cross-origin requests to access...
CVE-2026-35587
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery (SSRF) vulnerability exists in the Glances IP plugin due to improper validation of the public_api configuration parameter. The value of public_api is used directly in outbound HTTP...
Linux Distros Unpatched Vulnerability : CVE-2026-33533
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server activated with glances -s or glances --serv...
Linux Distros Unpatched Vulnerability : CVE-2026-33641
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings...
glances Security Vulnerability
Glances is a system monitoring tool developed by Nicolas Hennion. Versions of Glances prior to 4.5.3 contained security vulnerabilities. These vulnerabilities stemmed from insufficient Content-Type validation in the XML-RPC server and improper CORS configuration, which could lead to data leaks...
croparray (>=0.1.0 <=0.1.1) potentially affected by CVE-2026-33641 via glances (=3.2.7)
glances PYPI version =3.2.7 is affected by a known vulnerability. The following packages have a transitive dependency on glances and may be impacted: - croparray =0.1.0, =0.1.1 Source cves: CVE-2026-33641 Source advisory: OSV:GHSA-QHJ7-V7H7-Q4C7...
CVE-2026-32633 Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the /api/4/serverslist endpoint returns raw server objects from GlancesServersList.getserverslist. Those objects are mutated in-place during background polling and can contain a uri...
CVE-2026-32632 Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding
Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI application still accepts arbitrary Host headers and does not apply TrustedHostMiddleware or an equivalent...
CVE-2026-32610 Glances's Default CORS Configuration Allows Cross-Origin Credential Theft
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, the Glances REST API web server ships with a default CORS configuration that sets allow_origins="" combined with allow_credentials=True. When both of these options are enabled together, Starlette's CORSMiddlewa...
CVE-2026-32610 Glances's Default CORS Configuration Allows Cross-Origin Credential Theft
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, the Glances REST API web server ships with a default CORS configuration that sets allow_origins="" combined with allow_credentials=True. When both of these options are enabled together, Starlette's CORSMiddlewa...
Linux Distros Unpatched Vulnerability : CVE-2026-32608
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when...
Linux Distros Unpatched Vulnerability : CVE-2026-32596
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with...
Linux Distros Unpatched Vulnerability : CVE-2026-32632
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5....
croparray (>=0.1.0 <=0.1.1) potentially affected by CVE-2026-32608 via glances (=3.2.7)
glances PYPI version =3.2.7 is affected by a known vulnerability. The following packages have a transitive dependency on glances and may be impacted: - croparray =0.1.0, =0.1.1 Source cves: CVE-2026-32608 Source advisory: OSV:GHSA-VCV2-Q258-WRG7...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Glances vulnerability (USN-5187-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-5187-1 advisory. It was discovered that Glances incorrectly parsed untrusted XML data due to usage of xmlrpclib. An attacker could possibly use this to...
UBUNTU-CVE-2021-23418
The package glances before 3.2.1 is vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks...