Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

glances — Vulnerabilities & Security Advisories 21

All 21 CVE vulnerabilities found in glances, with AI-generated Chinese analysis, references, and POCs.

This page provides a comprehensive aggregation of security vulnerabilities, specifically weakness entries, associated with the Glances monitoring tool. It focuses on identifying and cataloging common security flaws such as command injection, cross-site scripting, and privilege escalation issues that may affect this open-source system monitoring application. The data collected here covers a broad spectrum of vulnerability types, ranging from critical remote code execution risks to minor information disclosure defects. The time range for these records spans from the initial release of the software through recent updates, ensuring that both legacy and current security concerns are documented. This extensive historical context allows users to see how the vendor has addressed security over time and which areas remain potentially exposed. By navigating this resource, you can effectively track Glances-related security advisories to stay informed about patches and mitigations. You can also deepen your understanding of specific weakness classes and their potential impact on system monitoring environments. Additionally, the page serves as a centralized hub to look up the complete vulnerability history for the product, facilitating risk assessment and security auditing for administrators who rely on Glances for performance and health checks. This structured approach to vulnerability data helps streamline security management processes.

Vendor: n/a

CVE IDTitleCVSSSeverityPublished
CVE-2026-46608 Glances: XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard (Incomplete Fix for CVE-2026-33533) CWE-183 7.4 High2026-06-25
CVE-2026-46607 Glances: Insecure Pickle Deserialization in Version Cache Leads to Arbitrary Code Execution CWE-502 7.8 High2026-06-25
CVE-2026-53925 Glances: Arbitrary file write and command execution via `secure_popen` redirection and chaining operators in AMP command configuration CWE-22 7.8 High2026-06-25
CVE-2026-46606 Glances: Command Injection via KVM/QEMU VM Domain Names in glances/plugins/vms/engines/virsh.py CWE-78 7.8 High2026-06-25
CVE-2026-46611 Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack CWE-346 5.3 Medium2026-06-25
CVE-2026-35588 Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values CWE-89 6.3 Medium2026-04-20
CVE-2026-35587 Glances IP Plugin has SSRF via public_api that leads to credential leakage CWE-918 9.8AICriticalAI2026-04-20
CVE-2026-34839 Glances Vulnerable to Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS CWE-200 6.5AIMediumAI2026-04-20
CVE-2026-33641 Glances Vulnerable to Command Injection via Dynamic Configuration Values CWE-78 7.8 High2026-04-02
CVE-2026-33533 Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard CWE-942 8.1AIHighAI2026-04-02
CVE-2026-32634 Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers CWE-346 8.1 High2026-03-18
CVE-2026-32633 Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist` CWE-200 9.1 Critical2026-03-18
CVE-2026-32632 Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding CWE-346 5.9 Medium2026-03-18
CVE-2026-32611 Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements CWE-89 7.0 High2026-03-18
CVE-2026-32610 Glances's Default CORS Configuration Allows Cross-Origin Credential Theft CWE-942 8.1 High2026-03-18
CVE-2026-32609 Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials CWE-200 7.5 High2026-03-18
CVE-2026-32608 Glances has a Command Injection via Process Names in Action Command Templates CWE-78 7.0 High2026-03-18
CVE-2026-32596 Glances exposes the REST API without authentication CWE-200 9.1 -2026-03-18
CVE-2026-30930 Glances has SQL Injection via Process Names in TimescaleDB Export CWE-89 9.8AICriticalAI2026-03-10
CVE-2026-30928 Glances Exposes Unauthenticated Configuration Secrets CWE-200 9.1AICriticalAI2026-03-10
CVE-2021-23418 XML External Entity (XXE) Injection 6.3 Medium2021-07-29

All 21 known CVE vulnerabilities affecting glances with full Chinese analysis, references, and POCs where available.