{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33641", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-23T14:24:11.620Z", "datePublished": "2026-04-02T14:57:51.120Z", "dateUpdated": "2026-04-02T16:22:08.154Z"}, "containers": {"cna": {"title": "Glances Vulnerable to Command Injection via Dynamic Configuration Values", "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "lang": "en", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7"}, {"name": "https://github.com/nicolargo/glances/commit/358d76a225fc21a9f95d2c4d7e46fafe64a644c6", "tags": ["x_refsource_MISC"], "url": "https://github.com/nicolargo/glances/commit/358d76a225fc21a9f95d2c4d7e46fafe64a644c6"}, {"name": "https://github.com/nicolargo/glances/releases/tag/v4.5.3", "tags": ["x_refsource_MISC"], "url": "https://github.com/nicolargo/glances/releases/tag/v4.5.3"}], "affected": [{"vendor": "nicolargo", "product": "glances", "versions": [{"version": "< 4.5.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T14:57:51.120Z"}, "descriptions": [{"lang": "en", "value": "Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.get_value() and is implemented without validation or restriction of the executed commands. If an attacker can modify or influence configuration files, arbitrary commands will execute automatically with the privileges of the Glances process during startup or configuration reload. In deployments where Glances runs with elevated privileges (e.g., as a system service), this may lead to privilege escalation. This issue has been patched in version 4.5.3."}], "source": {"advisory": "GHSA-qhj7-v7h7-q4c7", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T16:09:58.862429Z", "id": "CVE-2026-33641", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T16:22:08.154Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33641", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-02T16:09:58.862429Z"}}}], "references": [{"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T16:14:00.569Z"}}], "cna": {"title": "Glances Vulnerable to Command Injection via Dynamic Configuration Values", "source": {"advisory": "GHSA-qhj7-v7h7-q4c7", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "nicolargo", "product": "glances", "versions": [{"status": "affected", "version": "< 4.5.3"}]}], "references": [{"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7", "name": "https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/nicolargo/glances/commit/358d76a225fc21a9f95d2c4d7e46fafe64a644c6", "name": "https://github.com/nicolargo/glances/commit/358d76a225fc21a9f95d2c4d7e46fafe64a644c6", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/nicolargo/glances/releases/tag/v4.5.3", "name": "https://github.com/nicolargo/glances/releases/tag/v4.5.3", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.get_value() and is implemented without validation or restriction of the executed commands. If an attacker can modify or influence configuration files, arbitrary commands will execute automatically with the privileges of the Glances process during startup or configuration reload. In deployments where Glances runs with elevated privileges (e.g., as a system service), this may lead to privilege escalation. This issue has been patched in version 4.5.3."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T14:57:51.120Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33641", "state": "PUBLISHED", "dateUpdated": "2026-04-02T16:22:08.154Z", "dateReserved": "2026-03-23T14:24:11.620Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-02T14:57:51.120Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nicolargo:glances:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D5895A8-B817-4EFE-BA8C-A8A9156139A7", "versionEndExcluding": "4.5.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.get_value() and is implemented without validation or restriction of the executed commands. If an attacker can modify or influence configuration files, arbitrary commands will execute automatically with the privileges of the Glances process during startup or configuration reload. In deployments where Glances runs with elevated privileges (e.g., as a system service), this may lead to privilege escalation. This issue has been patched in version 4.5.3."}], "id": "CVE-2026-33641", "lastModified": "2026-04-07T14:59:46.823", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-02T15:16:40.040", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/nicolargo/glances/commit/358d76a225fc21a9f95d2c4d7e46fafe64a644c6"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/nicolargo/glances/releases/tag/v4.5.3"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.5.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "glances", "source": "cna", "vendor": "nicolargo"}, "product": "glances", "vendor": "nicolargo"}], "analysis": {"en": {"generated_at": "2026-04-07T19:57:00.357360+00:00", "value": {"mitigation_remediation": ["Update Glances to version 4.5.3 or later, which removes the vulnerability.", "After applying the patch, ensure the configuration directory and files are owned by the Glances user and have restrictive permissions (e.g., 600) to prevent unauthorized modification.", "If an immediate upgrade is not possible, consider placing the Glances process in a non\u2011privileged account or restricting its ability to read and write configuration files."], "summary": {"action": "Immediate Patch", "impact": "Command Injection leading to Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Glances system monitoring tool from nicolargo. All versions prior to 4.5.3 are impacted, including any deployments where the service runs as root or another privileged account. The official fix is delivered in release 4.5.3, which removes execution of backticked expressions and sanitises configuration values. If the application is still running an older release, it remains susceptible.", "description_and_impact": "Glances allowed dynamic configuration values where substrings wrapped in backticks are interpreted as shell commands and executed during configuration parsing. Because the code path in Config.get_value() does not validate or restrict these commands, an attacker who can modify the configuration file can inject arbitrary shell commands. If Glances runs with elevated privileges, such injection can lead to privilege escalation and compromise the host. The weakness matches CWE\u201178: Improper Neutralization of Special Elements used in an OS Command.", "risk_and_exploitability": "With a CVSS base score of 7.8 the vulnerability is considered high risk. However, the EPSS score indicates that exploitation likelihood is below 1\u202f%. The issue has not been listed in CISA\u2019s KEV catalog, suggesting no widespread automated exploitation. The attack requires the attacker to write to the Glances configuration file or otherwise influence its content, which may be possible through local access, compromised user accounts, or network exposure of configuration endpoints. If vulnerable, an attacker can execute arbitrary commands with the same privileges as the Glances process, potentially gaining root access on systems where the service runs as root."}}}}, "created": "2026-04-02T20:11:34.353640+00:00", "updated": "2026-04-08T19:55:41.697734+00:00", "vendors": ["nicolargo", "nicolargo$PRODUCT$glances"]}