CVE-2026-46607
Deferred Deferred - Pending Action
Arbitrary Code Execution in Glances via Malicious Pickle Cache

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: GitHub, Inc.

Description
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load() to read a version-check cache file stored at a predictable, world-accessible path (~/.cache/glances/glances-version.db or $XDG_CACHE_HOME/glances/glances-version.db). No integrity check, signature verification, or format validation is performed before deserialization. An attacker with write access to that path β€” through any of several realistic local or container-level scenarios β€” can plant a malicious pickle file and achieve arbitrary code execution as the OS user running Glances the next time it starts with version checking enabled (the default). This vulnerability is fixed in 4.5.5.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-25
Last Modified
2026-06-25
Generated
2026-06-26
AI Q&A
2026-06-25
EPSS Evaluated
N/A
NVD
CVE-2026-46607
EUVD
EUVD-2026-39519
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
glances glances 4.5.5
nicolargo glances to 4.5.5_dev1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-46607 is a vulnerability in the Glances system monitoring tool related to insecure deserialization. Specifically, the tool uses Python's pickle.load() to read a version-check cache file stored at a predictable and world-accessible location without any integrity checks, signature verification, or format validation.

Because the cache file is stored in a location that can be written to by an attacker with local or container-level access, an attacker can plant a malicious pickle file. When Glances starts and loads this file, the malicious payload executes arbitrary code with the privileges of the user running Glances.

This vulnerability affects versions of Glances prior to 4.5.5 and is fixed in version 4.5.5.

Impact Analysis

This vulnerability can lead to arbitrary code execution on the affected system with the privileges of the user running Glances. An attacker who can write to the cache file location can execute malicious commands the next time Glances starts with version checking enabled.

The impact includes full compromise of confidentiality, integrity, and availability of the system. If Glances is running with elevated privileges (such as root), the attacker can gain complete control over the system.

  • Local privilege escalation on shared multi-user systems.
  • Container or shared-volume poisoning.
  • Symlink race conditions (TOCTOU) attacks.
Detection Guidance

This vulnerability involves insecure deserialization of a pickle file located at a predictable path such as ~/.cache/glances/glances-version.db or $XDG_CACHE_HOME/glances/glances-version.db. Detection involves checking for the presence and contents of this cache file and verifying if it has been modified or replaced by an untrusted source.

You can detect potential exploitation or presence of malicious files by inspecting the cache file permissions and contents, and by monitoring file changes in the cache directory.

  • Check if the vulnerable Glances version is installed (prior to 4.5.5): glances --version
  • Locate the cache file: ls -l ~/.cache/glances/glances-version.db
  • Check permissions of the cache directory to ensure it is not world-writable: ls -ld ~/.cache/glances
  • Monitor for unexpected changes or suspicious files in the cache directory: inotifywait -m ~/.cache/glances
  • If you suspect compromise, inspect the cache file with a hex editor or strings command to look for suspicious pickle payloads: strings ~/.cache/glances/glances-version.db
Mitigation Strategies

The primary mitigation is to upgrade Glances to version 4.5.5 or later, where this vulnerability has been fixed.

Additional immediate steps include restricting access to the cache directory to prevent unauthorized write access.

  • Upgrade Glances to version 4.5.5 or newer.
  • Restrict permissions on the cache directory to 0700 to prevent other users from writing malicious pickle files: chmod 700 ~/.cache/glances
  • If upgrading is not immediately possible, consider disabling version checking in Glances to avoid loading the vulnerable pickle file.
  • Avoid running Glances with elevated privileges (such as root) unless absolutely necessary.

Long term, the recommended fix is to replace pickle with a safer serialization format like JSON or protect the cache file with an HMAC and secret key.

Compliance Impact

The vulnerability allows an attacker to achieve arbitrary code execution with the privileges of the user running Glances, potentially leading to full compromise of confidentiality, integrity, and availability of the system.

Such a compromise can result in unauthorized access to sensitive data, which may violate compliance requirements under standards like GDPR and HIPAA that mandate protection of personal and health information.

If Glances is run with elevated privileges (e.g., as root), the risk and impact on compliance are even greater due to the potential for broader system control and data exposure.

Mitigations such as replacing pickle with safer serialization methods, restricting cache directory permissions, and applying security patches are necessary to reduce the risk of non-compliance.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46607. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart