{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32608", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-12T14:54:24.270Z", "datePublished": "2026-03-18T06:03:22.153Z", "dateUpdated": "2026-03-18T15:39:15.123Z"}, "containers": {"cna": {"title": "Glances has a Command Injection via Process Names in Action Command Templates", "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "lang": "en", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/nicolargo/glances/security/advisories/GHSA-vcv2-q258-wrg7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nicolargo/glances/security/advisories/GHSA-vcv2-q258-wrg7"}, {"name": "https://github.com/nicolargo/glances/commit/6f4ec53d967478e69917078e6f73f448001bf107", "tags": ["x_refsource_MISC"], "url": "https://github.com/nicolargo/glances/commit/6f4ec53d967478e69917078e6f73f448001bf107"}, {"name": "https://github.com/nicolargo/glances/releases/tag/v4.5.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/nicolargo/glances/releases/tag/v4.5.2"}], "affected": [{"vendor": "nicolargo", "product": "glances", "versions": [{"version": "< 4.5.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-18T06:03:22.153Z"}, "descriptions": [{"lang": "en", "value": "Glances is an open-source system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands support Mustache template variables (e.g., `{{name}}`, `{{key}}`) that are populated with runtime monitoring data. The `secure_popen()` function, which executes these commands, implements its own pipe, redirect, and chain operator handling by splitting the command string before passing each segment to `subprocess.Popen(shell=False)`. Prior to 4.5.2, when a Mustache-rendered value (such as a process name, filesystem mount point, or container name) contains pipe, redirect, or chain metacharacters, the rendered command is split in unintended ways, allowing an attacker who controls a process name or container name to inject arbitrary commands. Version 4.5.2 fixes the issue."}], "source": {"advisory": "GHSA-vcv2-q258-wrg7", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-18T15:38:16.679632Z", "id": "CVE-2026-32608", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T15:39:15.123Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32608", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-18T15:38:16.679632Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T15:39:05.574Z"}}], "cna": {"title": "Glances has a Command Injection via Process Names in Action Command Templates", "source": {"advisory": "GHSA-vcv2-q258-wrg7", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "nicolargo", "product": "glances", "versions": [{"status": "affected", "version": "< 4.5.2"}]}], "references": [{"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-vcv2-q258-wrg7", "name": "https://github.com/nicolargo/glances/security/advisories/GHSA-vcv2-q258-wrg7", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/nicolargo/glances/commit/6f4ec53d967478e69917078e6f73f448001bf107", "name": "https://github.com/nicolargo/glances/commit/6f4ec53d967478e69917078e6f73f448001bf107", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/nicolargo/glances/releases/tag/v4.5.2", "name": "https://github.com/nicolargo/glances/releases/tag/v4.5.2", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Glances is an open-source system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands support Mustache template variables (e.g., `{{name}}`, `{{key}}`) that are populated with runtime monitoring data. The `secure_popen()` function, which executes these commands, implements its own pipe, redirect, and chain operator handling by splitting the command string before passing each segment to `subprocess.Popen(shell=False)`. Prior to 4.5.2, when a Mustache-rendered value (such as a process name, filesystem mount point, or container name) contains pipe, redirect, or chain metacharacters, the rendered command is split in unintended ways, allowing an attacker who controls a process name or container name to inject arbitrary commands. Version 4.5.2 fixes the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-18T06:03:22.153Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32608", "state": "PUBLISHED", "dateUpdated": "2026-03-18T15:39:15.123Z", "dateReserved": "2026-03-12T14:54:24.270Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-18T06:03:22.153Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nicolargo:glances:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FC19E01-80F1-43BB-912C-39FE99143A59", "versionEndExcluding": "4.5.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Glances is an open-source system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands support Mustache template variables (e.g., `{{name}}`, `{{key}}`) that are populated with runtime monitoring data. The `secure_popen()` function, which executes these commands, implements its own pipe, redirect, and chain operator handling by splitting the command string before passing each segment to `subprocess.Popen(shell=False)`. Prior to 4.5.2, when a Mustache-rendered value (such as a process name, filesystem mount point, or container name) contains pipe, redirect, or chain metacharacters, the rendered command is split in unintended ways, allowing an attacker who controls a process name or container name to inject arbitrary commands. Version 4.5.2 fixes the issue."}], "id": "CVE-2026-32608", "lastModified": "2026-03-18T18:27:43.953", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-18T07:16:21.447", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/nicolargo/glances/commit/6f4ec53d967478e69917078e6f73f448001bf107"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/nicolargo/glances/releases/tag/v4.5.2"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/nicolargo/glances/security/advisories/GHSA-vcv2-q258-wrg7"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.5.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "glances", "source": "cna", "vendor": "nicolargo"}, "product": "glances", "vendor": "nicolargo"}], "analysis": {"en": {"generated_at": "2026-03-18T19:36:56.715861+00:00", "value": {"mitigation_remediation": ["Upgrade Glances to version\u202f4.5.2 or later."], "summary": {"action": "Apply Patch", "impact": "Command Injection / Arbitrary Command Execution"}, "threat_synthesis": {"affected_systems": "The vulnerable product is nicolargo:Glances. All versions prior to 4.5.2 are affected. This includes the CPE cpe:2.3:a:nicolargo:glances:*:*:*:*:*:*:*:*. Users running these earlier releases should be aware of the risk.", "description_and_impact": "Glances, an open-source system monitoring tool, allows administrators to configure shell commands that run when thresholds are breached. These commands use Mustache template variables that are replaced with runtime data. Prior to version\u00a04.5.2 the secure_popen() routine would split a command string on pipe, redirect, or chain metacharacters before invoking subprocess.Popen(shell=False). When a template value such as a process name contains these characters, the command is split in unintended ways, enabling an attacker who can control a process name or container name to inject arbitrary shell commands (CWE\u201178). The impact is the ability for an attacker to execute arbitrary commands on the host system, potentially compromising confidentiality, integrity, and availability.", "risk_and_exploitability": "The CVSS score is 7, indicating high severity, while the EPSS score is below 1\u202f%, suggesting exploitation is unlikely as of now. The vulnerability is not listed in CISA\u2019s KEV catalog. Exploitation requires the ability to influence process or container names that are referenced in action command templates, which can be achieved locally or remotely if an attacker can create such names. The insecure handling of mustache-rendered values allows command splitting, providing a code execution path once the condition is met."}}}}, "created": "2026-03-18T10:41:46.368821+00:00", "updated": "2026-03-24T10:59:15.481577+00:00", "vendors": ["nicolargo", "nicolargo$PRODUCT$glances"]}