CVE-2026-33641
Status: Received - Intake
Command Injection in Glances Configuration Enables Privilege Escalation

Publication date: 2026-04-02

Last updated on: 2026-04-07

Assigner: GitHub, Inc.

Description
Glances is an open-source, cross-platform system monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.get_value() and is implemented without validation or restriction of the executed commands. If an attacker can modify or influence configuration files, arbitrary commands execute automatically with the privileges of the Glances process during startup or configuration reload. In deployments where Glances runs with elevated privileges (e.g., as a system service), this may lead to privilege escalation. This issue has been patched in version 4.5.3.
Meta Information
Published: 2026-04-02
Last Modified: 2026-04-07
Generated: 2026-05-07
AI Q&A: 2026-04-02
EPSS Evaluated: 2026-05-05
NVD
Affected Vendors & Products
Showing 1 associated CPE
Vendor: nicolargo
Product: glances
Version / Range: up to 4.5.3 (excluding)
CWE-78: The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-33641 is a command injection vulnerability in the Glances system monitoring tool affecting versions prior to 4.5.3. Glances supports dynamic configuration values where substrings enclosed in backticks are executed as system commands during configuration parsing. This execution happens in the Config.get_value() method without any validation or restriction of the commands.

If an attacker can modify or influence the configuration files, they can inject arbitrary commands that will be executed automatically with the privileges of the Glances process during startup or configuration reload. This can lead to arbitrary command execution and, in cases where Glances runs with elevated privileges (such as a system service), privilege escalation.

How can this vulnerability impact me?

This vulnerability allows an attacker who can modify or influence Glances configuration files to execute arbitrary system commands with the privileges of the Glances process.

If Glances runs with elevated privileges, such as root or system service level, this can lead to privilege escalation, allowing the attacker to gain higher-level access to the system.

Potential attack scenarios include environments with misconfigured file permissions, shared systems where configuration directories are writable by untrusted users, containerized environments with mounted configuration volumes, and automated configuration management systems processing untrusted data.

The impact includes compromise of confidentiality, integrity, and availability of the affected system.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking if Glances is running a vulnerable version (prior to 4.5.3) and if configuration files contain substrings enclosed in backticks that get executed as system commands.

One way to test is to create a malicious configuration file with a value containing a command enclosed in backticks, for example: url_prefix = '`id`'. Running Glances with this configuration file (e.g., glances -C /tmp/glances.conf) will execute the command and replace the configuration value with its output.

To detect if the vulnerability is being exploited or present, you can:

  • Check the Glances version: glances --version
  • Inspect configuration files for backtick-enclosed commands: grep -r '`.*`' /path/to/glances/configs
  • Monitor process execution or logs for unexpected command executions during Glances startup or reload.
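A defender-side check for the two indicators discussed above and in the mitigation advice that follows (backtick-enclosed configuration values, and configuration files writable by untrusted users), as an added example that is not part of this page or of the Glances project; the sample configuration is constructed, and deployed file paths are taken from the command line rather than assumed.

```python
"""Scan Glances-style INI configs for backtick-enclosed values (the
CVE-2026-33641 indicator) and for group/other-writable permissions.
Added example, not Glances' own code; the sample config is constructed."""
import configparser
import os
import re
import stat
import sys

# A backtick pair in a value is what a vulnerable Config.get_value() runs.
BACKTICK_RE = re.compile(r"`[^`]*`")


def find_backtick_values(text):
    """Return [(section, key, value)] for every value holding a backtick pair.
    Glances configs are INI style; interpolation is off so a literal '%' is safe."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return [(section, key, value)
            for section in parser.sections()
            for key, value in parser.items(section)
            if BACKTICK_RE.search(value)]


def weak_permissions(mode):
    """True if an st_mode value grants write access to group or others."""
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def scan_file(path):
    """Scan one deployed configuration file and report both indicators."""
    with open(path, encoding="utf-8") as fh:
        hits = find_backtick_values(fh.read())
    return {"path": path, "backtick_values": hits,
            "weak_permissions": weak_permissions(os.stat(path).st_mode)}


# Constructed sample: one benign value and one value that a vulnerable
# Glances would execute during configuration parsing.
SAMPLE_CONF = """[global]
refresh = 2
[outputs]
url_prefix = '`id`'
"""

if __name__ == "__main__":
    print(find_backtick_values(SAMPLE_CONF))
    for conf in sys.argv[1:]:  # paths to deployed glances.conf files
        print(scan_file(conf))
```

Any hit in backtick_values on a pre-4.5.3 install deserves the same response as a confirmed injection attempt; a weak_permissions hit is the precondition the mitigation section tells you to close.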

What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade Glances to version 4.5.3 or later, where this vulnerability has been patched.

Additionally, restrict write permissions on Glances configuration files and directories to trusted users only, preventing attackers from modifying or injecting malicious commands.

If upgrading immediately is not possible, avoid running Glances with elevated privileges to reduce the risk of privilege escalation.

Review and sanitize any configuration management or automation systems that deploy Glances configuration files to ensure they do not introduce unsafe backtick-enclosed commands.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows arbitrary command execution with the privileges of the Glances process, potentially leading to privilege escalation. This can result in unauthorized access to sensitive system information and control, which may compromise confidentiality, integrity, and availability of data.

Such unauthorized access and control could lead to violations of common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and breaches.

Therefore, if Glances is deployed in environments subject to these regulations and runs with elevated privileges, this vulnerability could negatively impact compliance by exposing systems to risks of data breaches and unauthorized data manipulation.

