CVE-2026-46611

Summary

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s, implemented in glances/server.py) does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the full system monitoring dataset from a victim's browser. This vulnerability is fixed in 4.5.5.

Affected Software

VendorProductVersion RangeStatus
nicolargoglances< 4.5.5affected

Weaknesses

  • CWE-346: CWE-346: Origin Validation Error
  • CWE-350: CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References