CVE-2026-46611

uvx -U glances

• /api/4/containers stays ~4-5s with ~60 Docker containers #3559
• Crash when using --sparkline #3547
• VMs section does not show LOAD 1/5/15min values #3535
• Fix AMD GPU detection for multi-digit DRM card numbers #3578
• Keep auto unit within limits, so columns stay aligned #3558
• Rest status check shouldn't require auth #3544
• Logging configuration to use boolean value #3536
• Fix filesystem aliases for mixed-case mount points #3532
• Regression in Disk I/O reporting #3546

• Add meter for CPU and MEM of GPU in the Quicklook plugin #1711
• Add cpu limit to docker, podman and lxd containers #3557
• GPU Monitoring (ARM / RaspberryPi) #1048
• GPU plugin: display proc and temperature on NVIDIA Jetson (Tegra) integrated #3580

• Arbitrary file write and command execution in AMP command configuration - Correct CVE-2026-53925
• XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack - Correct CVE-2026-46611
• XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard - Correct CVE-2026-46608
• Insecure Pickle Deserialization in Version Cache Leads to Arbitrary Code Execution - Correct CVE-2026-46607
• Command Injection via KVM/QEMU VM Domain Names in virsh.py - Correct CVE-2026-46606

• Add top 10 slowest plugins summary at end of --issue output #3572
• Update documentation for hide/show #3546
• Refactor: Improve load additional plugins Maintainability, Safety, and Plugin Discovery #3561
• Refactor: Reduce Cyclomatic complexity of display top Issue #3549
• Refactor: Reduce Cyclomatic complexity of display popup() #3542
• Refactor: Compute spacing
• Refactor: handle quicklook required for display²
• Refactor: Get plugin Width & get stats summary
• Add unit test to containers/docker plugin

• Glances Alpine Docker images are now based on Alpine 3.24
• Glances Ubuntu Docker images are now based on Ubuntu 26.04