CVE-2026-46611

MEDIUM NVD

CVSS Score 5.3

Severity MEDIUM

Published Jun 25, 2026

Vendor unknown

Description

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s, implemented in glances/server.py) does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the full system monitoring dataset from a victim's browser. This vulnerability is fixed in 4.5.5.

References

https://github.com/nicolargo/glances/releases/tag/v4.5.5
https://github.com/nicolargo/glances/security/advisories/GHSA-w856-8p3r-p338