CVE-2026-32608 in glances

Summary

by MITRE • 03/18/2026

Glances is an open-source, cross-platform system monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands support Mustache template variables (e.g., `{{name}}`, `{{key}}`) that are populated with runtime monitoring data. The `secure_popen()` function, which executes these commands, implements its own pipe, redirect, and chain operator handling by splitting the command string before passing each segment to `subprocess.Popen(shell=False)`. Prior to 4.5.2, when a Mustache-rendered value (such as a process name, filesystem mount point, or container name) contains pipe, redirect, or chain metacharacters, the rendered command is split in unintended ways, allowing an attacker who controls a process name or container name to inject arbitrary commands. Version 4.5.2 fixes the issue.


Analysis

by VulDB Data Team • 03/22/2026

The vulnerability identified as CVE-2026-32608 affects Glances, an open-source, cross-platform system monitoring tool whose action framework lets administrators run shell commands automatically when a monitored value crosses a configured threshold. Each action command is a Mustache template; variables such as `{{name}}` and `{{key}}` are filled at runtime from the monitoring data that triggered the action, which includes process names, filesystem mount points and container names. That templating is what makes the actions flexible, and it is also where the flaw lies: values taken from the monitored system are substituted into the command text before the command is parsed.

The flaw is in the `secure_popen()` function of Glances versions prior to 4.5.2. Rather than invoking a shell, this function supports pipe (|), redirect (>) and chain (;) operators itself: it splits the rendered command string on those operators and passes each resulting segment to `subprocess.Popen(shell=False)`. The splitting happens after the Mustache variables have been rendered, so an operator that arrives inside a rendered value, for instance in a process name, mount point or container name, is indistinguishable from one the administrator wrote into the template. The command is therefore split in unintended ways, and the attacker-controlled value becomes one or more additional commands. Using `shell=False` does not help here, because the function reimplements the part of the shell grammar that matters and applies it to data it does not control; the result is OS command injection without a shell being involved.

The operational impact is significant wherever Glances actions interpolate fields that untrusted parties can influence. A local user controls the names of the processes they start, and anyone who can create containers or mount filesystems on the monitored host chooses the corresponding names. Once such a value is rendered into a triggered action, the injected commands run with the privileges of the Glances process, which is commonly root so that it can read all process and sensor data. Consequences range from privilege escalation and data exfiltration to full host compromise or tampering with the monitoring itself. The injection is carried by a legitimate, administrator-configured feature and only fires when a threshold is crossed, so the resulting activity can easily be mistaken for the intended action in logs and process trees.

The primary mitigation for CVE-2026-32608 is to upgrade to Glances 4.5.2 or later, which corrects the command parsing. Until that is possible, review every configured action and disable or rewrite any whose template places a variable such as `{{name}}` or `{{key}}` into the command, since administrators cannot validate process or container names chosen by other parties on the host. Run Glances with the least privilege its monitoring role requires rather than as root, and audit action configurations regularly. Detection should focus on child processes spawned by the Glances process that do not match the configured actions, and on process, container or mount names that contain the |, > or ; characters. The weakness is CWE-78 (Improper Neutralization of Special Elements used in an OS Command), and the relevant ATT&CK technique is T1059.004, Command and Scripting Interpreter: Unix Shell (T1059.001 covers PowerShell and does not apply here). Application allowlisting for what the Glances process may execute further limits what an injected command can achieve.
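The two paragraphs above describe the order-of-operations bug (render, then split on operators) and the mitigation (keep untrusted values out of the parsed command structure). The following is an added example, not Glances' own `secure_popen()` code: a constructed model of an action-command planner in the same style, with the pre-4.5.2 ordering beside a hardened ordering that splits the administrator's template before rendering. Nothing is executed; each planner returns the (operator, argv) segments it would hand to `subprocess.Popen(shell=False)`, which is enough to see where a hostile process name lands. The operator set, the Mustache subset and the sample names are assumptions made for the example.

```python
import re
import shlex
from typing import Dict, List, Optional, Tuple

# Constructed model, not Glances' own secure_popen(): an action-command
# planner that recognises "|", ";" and ">" itself and would hand every
# segment to subprocess.Popen(shell=False). Nothing is executed here; each
# planner only returns the (operator, argv) segments it would run.

Segment = Tuple[Optional[str], List[str]]

MUSTACHE = re.compile(r"\{\{\s*(\w+)\s*\}\}")   # {{name}} subset assumed
OPERATOR = re.compile(r"\s*([|;>])\s*")        # operator set assumed for the model


def render(text: str, context: Dict[str, str]) -> str:
    """Minimal {{name}} substitution from the monitoring context."""
    return MUSTACHE.sub(lambda m: str(context.get(m.group(1), "")), text)


def split_segments(cmd: str) -> List[Segment]:
    """Split a command line on the operators into (operator, argv) pairs.

    The operator stored with a segment is the one joining it to the previous
    segment; the first segment carries None.
    """
    parts = OPERATOR.split(cmd)          # segment, op, segment, op, ...
    segments: List[Segment] = []
    op: Optional[str] = None
    for i, part in enumerate(parts):
        if i % 2 == 0:
            segments.append((op, shlex.split(part)))
        else:
            op = part
    return segments


def plan_vulnerable(template: str, context: Dict[str, str]) -> List[Segment]:
    """Pre-4.5.2 ordering: render first, then look for operators.

    An operator inside a rendered value is indistinguishable from one the
    administrator wrote, so the value can add whole new segments.
    """
    return split_segments(render(template, context))


def plan_hardened(template: str, context: Dict[str, str]) -> List[Segment]:
    """Split the administrator's template first, then render into argv tokens.

    Operators are only recognised in template text; a rendered value is
    substituted into an already-split argv element and stays one argument,
    whatever metacharacters it contains.
    """
    return [(op, [render(tok, context) for tok in argv])
            for op, argv in split_segments(template)]


def injected_segments(template: str, context: Dict[str, str]) -> int:
    """Extra segments the vulnerable planner would run for this value.

    Useful for auditing an existing action configuration against names seen
    on the host: a non-zero result means the value changes command structure.
    """
    return len(plan_vulnerable(template, context)) - len(plan_hardened(template, context))


if __name__ == "__main__":
    # Constructed sample: a process whose name carries a pipe operator.
    ctx = {"name": "x | touch /tmp/pwned"}
    action = "logger -t glances {{name}}"
    print("vulnerable:", plan_vulnerable(action, ctx))
    print("hardened:  ", plan_hardened(action, ctx))
    print("extra segments:", injected_segments(action, ctx))
```

With the sample name, the vulnerable planner produces a second segment `["touch", "/tmp/pwned"]` joined by `|`, while the hardened planner keeps the whole name as the last argument of `logger`. A template that legitimately pipes, such as `echo {{name}} | logger`, still works in the hardened ordering because the `|` is found in the template, not in the value. Note that `shlex.split` raises `ValueError` on an unbalanced quote, so a real implementation taking the vulnerable path would also need to handle names containing quote characters.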

Responsible

GitHub M

Reservation

03/12/2026

Disclosure

03/18/2026

Moderation

accepted

CPE

ready

EPSS

0.00010

KEV

no

Activities

very low

Sources
