5.3
CVE-2026-46611
- EPSS 0.16%
- Veröffentlicht 25.06.2026 18:00:47
- Zuletzt bearbeitet 26.06.2026 04:17:43
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s, implemented in glances/server.py) does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the full system monitoring dataset from a victim's browser. This vulnerability is fixed in 4.5.5.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellernicolargo
≫
Produkt
glances
Version
< 4.5.5
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.052 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 5.3 | 1.6 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
|
CWE-346 Origin Validation Error
The product does not properly verify that the source of data or communication is valid.
CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action
The product performs reverse DNS resolution on an IP address to obtain the hostname and make a security decision, but it does not properly ensure that the IP address is truly associated with the hostname.
https://github.com/nicolargo/glances/releases/tag/v4.5.5
https://github.com/nicolargo/glances/security/advisories/GHSA-w856-8p3r-p338