PT-2026-25846 · Glance+1

Published: 2026-01-01 · Updated: 2026-05-08 · CVE-2026-32608

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Glances versions prior to 4.5.2

Description

Glances is a cross-platform system monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands support Mustache template variables populated with runtime monitoring data.

The secure_popen() function executes these commands and implements its own handling of pipe, redirect, and chain operators: it splits the command string on characters such as &&, >, and |, then executes each segment as a separate subprocess. The redirect handler can also write to arbitrary file paths. Because the split happens on the rendered command, a Mustache-rendered value (such as a process name or container name) that contains pipe, redirect, or chain metacharacters causes the command to be split in unintended ways.

An attacker who can control a process name, container name, or filesystem mount point can potentially execute arbitrary commands as the Glances process user, potentially leading to privilege escalation.

Recommendations

Versions prior to 4.5.2 should be updated to version 4.5.2 or later.
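The ordering problem in the description, as an added example: this is a simplified model written for this page, not the Glances code or its fix. The `render` stand-in for Mustache, the function names, the action template and the process names are all assumptions constructed for illustration; nothing is executed, the functions only return the argv lists that would be run.

```python
import re
import shlex

# Operators the advisory names as split points in the vulnerable helper.
OPERATORS = re.compile(r"(&&|\||>)")

def render(template, values):
    """Minimal stand-in for Mustache: substitute {{key}} with its value."""
    return re.sub(r"\{\{(\w+)\}\}",
                  lambda m: str(values.get(m.group(1), "")), template)

def segments(command):
    """Split a command string on the operators, dropping the operators."""
    parts = (p.strip() for p in OPERATORS.split(command))
    return [p for p in parts if p and not OPERATORS.fullmatch(p)]

def plan_render_then_split(template, values):
    """Order described in the advisory: render first, split afterwards.
    Operators inside a rendered value become real split points."""
    return [shlex.split(s) for s in segments(render(template, values))]

def plan_split_then_render(template, values):
    """Hardened order: split and tokenize the administrator's template,
    then render each token, so a value stays inside one argv element."""
    return [[render(tok, values) for tok in shlex.split(s)]
            for s in segments(template)]

def changes_structure(template, values):
    """Detection check: does rendering alter the number of segments?"""
    return len(segments(render(template, values))) != len(segments(template))

# Constructed action template and constructed process names (not from Glances).
TEMPLATE = "logger -t glances {{name}} is critical"
HOSTILE = {"name": "nginx && echo INJECTED"}
BENIGN = {"name": "nginx"}

if __name__ == "__main__":
    print(plan_render_then_split(TEMPLATE, HOSTILE))
    print(plan_split_then_render(TEMPLATE, HOSTILE))
    print(changes_structure(TEMPLATE, HOSTILE), changes_structure(TEMPLATE, BENIGN))
```

The `changes_structure` check can also be run over existing action templates and observed process or container names to find values that would have altered a command on an unpatched install.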

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2026-07161
CVE-2026-32608
GHSA-VCV2-Q258-WRG7
OPENSUSE-SU-2026:10415-1

Affected Products

Glance
Red Os