CVE-2026-46611
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
25/06/2026
Last modified:
26/06/2026
Description
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s, implemented in glances/server.py) does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the full system monitoring dataset from a victim's browser. This vulnerability is fixed in 4.5.5.
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM



