CVE-2026-53925
Deferred Deferred - Pending Action

Path Traversal and Command Injection in Glances Monitoring Tool

Vulnerability report for CVE-2026-53925, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: GitHub, Inc.

Description

Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the secure_popen() function in glances/secure.py interprets > (file redirection), | (pipe), and && (command chaining) operators in command strings. These operators are applied without any validation on the target file path, piped command, or chained command. When Application Monitoring Process (AMP) modules load their command or service_cmd configuration values from glances.conf, those values are passed directly to secure_popen() with no sanitization. This allows an attacker who can modify the Glances configuration file to write arbitrary content to arbitrary filesystem paths (via >), chain arbitrary commands (via &&), or pipe command output to arbitrary programs (via |). This vulnerability is fixed in 4.5.5.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-06-25
Generated
2026-07-16
AI Q&A
2026-06-25
EPSS Evaluated
2026-07-14
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
glances glances From 4.0.8 (inc) to 4.5.5 (inc)
nicolargo glances From 4.0.8 (inc) to 4.5.5 (exc)
nicolargo glances 4.5.5

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Glances monitoring tool versions from 4.0.8 until 4.5.5 in the secure_popen() function located in glances/secure.py. The function interprets shell operators such as > (file redirection), | (pipe), and && (command chaining) in command strings without validating the target file paths or commands.

When Application Monitoring Process (AMP) modules load their command or service_cmd configuration values from the glances.conf file, these values are passed directly to secure_popen() without any sanitization. This allows an attacker who can modify the Glances configuration file to execute arbitrary actions such as writing arbitrary content to any filesystem path, chaining arbitrary commands, or piping command output to arbitrary programs.

The vulnerability is fixed in version 4.5.5.

Impact Analysis

This vulnerability can have severe impacts because it allows an attacker with the ability to modify the Glances configuration file to execute arbitrary commands and write arbitrary files on the system.

  • Arbitrary file write: An attacker can write any content to any file path, potentially overwriting critical system or application files.
  • Command chaining: The attacker can execute multiple chained commands, increasing the scope of malicious actions.
  • Command output piping: The attacker can pipe command outputs to arbitrary programs, potentially leading to data leakage or further exploitation.

Overall, this can lead to full system compromise, data loss, or disruption of services.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Glances to version 4.5.5 or later, where the issue has been fixed.

Additionally, restrict or prevent unauthorized modification of the Glances configuration file (glances.conf) to avoid attackers injecting malicious commands.

Compliance Impact

This vulnerability allows an attacker with access to modify the Glances configuration file to write arbitrary content to any filesystem path, execute arbitrary commands, or exfiltrate data. Such unauthorized actions can lead to breaches of confidentiality, integrity, and availability of sensitive data.

Because of these impacts, organizations using affected versions of Glances may face challenges in maintaining compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and prevention of unauthorized access or modification.

Detection Guidance

This vulnerability can be detected by checking if the Glances configuration file (glances.conf) contains any command or service_cmd values that include shell operators such as >, |, or && which are passed to the secure_popen() function without sanitization.

You can manually inspect the glances.conf file for suspicious command strings that use these operators.

Additionally, monitoring for unexpected file writes or command executions triggered by Glances could indicate exploitation attempts.

Example commands to detect suspicious patterns in the configuration file include:

  • grep -E '(>|\||&&)' /path/to/glances.conf
  • grep -rE '(>|\||&&)' /etc/glances/ # if configuration is stored in /etc/glances/
  • audit or monitor file changes to glances.conf using tools like inotifywait or auditd to detect unauthorized modifications.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53925. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart