CVE-2026-46611
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk5th percentile — higher than 5% of all known CVEs
Summary
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the full system monitoring dataset from a victim's browser.
Risk Assessment
The risk involves potential remote exfiltration of sensitive system data (e.g., processes, network, disks) without authorization, which could lead to confidentiality breaches and further attacks.
Recommendation
It is recommended to immediately update Glances to version 4.5.5 or later. As a temporary mitigation, restrict access to the XML-RPC server to trusted networks only.
Original NVD description (English source)
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s, implemented in glances/server.py) does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the full system monitoring dataset from a victim's browser. This vulnerability is fixed in 4.5.5.

