CVE Catalog

CVE-2026-46611

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile — higher than 5% of all known CVEs

Summary

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the full system monitoring dataset from a victim's browser.

Risk Assessment

The risk involves potential remote exfiltration of sensitive system data (e.g., processes, network, disks) without authorization, which could lead to confidentiality breaches and further attacks.

Recommendation

It is recommended to immediately update Glances to version 4.5.5 or later. As a temporary mitigation, restrict access to the XML-RPC server to trusted networks only.

Original NVD description (English source)

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s, implemented in glances/server.py) does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the full system monitoring dataset from a victim's browser. This vulnerability is fixed in 4.5.5.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS