{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33641", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-23T14:24:11.620Z", "datePublished": "2026-04-02T14:57:51.120Z", "dateUpdated": "2026-04-02T16:22:08.154Z"}, "containers": {"cna": {"title": "Glances Vulnerable to Command Injection via Dynamic Configuration Values", "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "lang": "en", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7"}, {"name": "https://github.com/nicolargo/glances/commit/358d76a225fc21a9f95d2c4d7e46fafe64a644c6", "tags": ["x_refsource_MISC"], "url": "https://github.com/nicolargo/glances/commit/358d76a225fc21a9f95d2c4d7e46fafe64a644c6"}, {"name": "https://github.com/nicolargo/glances/releases/tag/v4.5.3", "tags": ["x_refsource_MISC"], "url": "https://github.com/nicolargo/glances/releases/tag/v4.5.3"}], "affected": [{"vendor": "nicolargo", "product": "glances", "versions": [{"version": "< 4.5.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T14:57:51.120Z"}, "descriptions": [{"lang": "en", "value": "Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.get_value() and is implemented without validation or restriction of the executed commands. If an attacker can modify or influence configuration files, arbitrary commands will execute automatically with the privileges of the Glances process during startup or configuration reload. In deployments where Glances runs with elevated privileges (e.g., as a system service), this may lead to privilege escalation. This issue has been patched in version 4.5.3."}], "source": {"advisory": "GHSA-qhj7-v7h7-q4c7", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T16:09:58.862429Z", "id": "CVE-2026-33641", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T16:22:08.154Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.get_value() and is implemented without validation or restriction of the executed commands. If an attacker can modify or influence configuration files, arbitrary commands will execute automatically with the privileges of the Glances process during startup or configuration reload. In deployments where Glances runs with elevated privileges (e.g., as a system service), this may lead to privilege escalation. This issue has been patched in version 4.5.3."}], "id": "CVE-2026-33641", "lastModified": "2026-04-03T16:10:52.680", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-02T15:16:40.040", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/nicolargo/glances/commit/358d76a225fc21a9f95d2c4d7e46fafe64a644c6"}, {"source": "security-advisories@github.com", "url": "https://github.com/nicolargo/glances/releases/tag/v4.5.3"}, {"source": "security-advisories@github.com", "url": "https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.5.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "glances", "source": "cna", "vendor": "nicolargo"}, "product": "glances", "vendor": "nicolargo"}], "analysis": {"en": {"generated_at": "2026-04-02T16:50:53.554107+00:00", "value": {"mitigation_remediation": ["Update Glances to version 4.5.3 or later, which removes the unsafe back\u2011tick execution feature.", "If an immediate upgrade is not possible, restrict ownership and permissions on the Glances configuration files to the application user and deny write access to untrusted accounts.", "If dynamic configuration parsing is unnecessary, disable the feature or limit the configuration files that the application can read.", "Run the Glances service with the least required privileges, avoiding elevated or root execution whenever feasible."], "summary": {"action": "Immediate Patch", "impact": "Command Execution Possibility"}, "threat_synthesis": {"affected_systems": "All installations of nicolargo Glances prior to version 4.5.3 are affected. Users operating the application with elevated privileges, such as system services or users with administrative rights, are at higher risk because the executed commands inherit those privileges. The vulnerability is not limited to a single instance; any host running an old Glances binary is potentially vulnerable.", "description_and_impact": "Glances is an open\u2011source system monitoring application that, until version 4.5.3, processed configuration entries containing back\u2011ticked substrings as shell commands. The parsing routine executs these commands without any validation or restriction. As a result, any attacker who can modify or influence the configuration files can insert arbitrary shell commands that run with the privileges of the Glances process during startup or when the configuration is reloaded. If Glances is executed as a system service or under an elevated account, this flaw can lead to privilege escalation, allowing the attacker to execute commands with administrative rights on the host.", "risk_and_exploitability": "The CVSS v3.1 base score of 7.8 indicates high severity. Epistemical probability data (EPSS) is not available and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector requires the ability to modify or influence the Glances configuration files; no network\u2011based exploitation path is documented in the input. Therefore, if an attacker has local or remote write access to the configuration location, they can trigger arbitrary command execution. The lack of input validation and the potential for elevated execution make exploitation feasible and dangerous, particularly in environments where Glances runs with system\u2011level privileges."}}}}, "created": "2026-04-02T20:11:34.353640+00:00", "updated": "2026-04-02T20:20:15.781848+00:00", "vendors": ["nicolargo", "nicolargo$PRODUCT$glances"]}