Glances is a widely used open-source cross-platform system monitoring tool that allows administrators to configure shell commands executed when certain monitoring thresholds are exceeded. These commands can include Mustache template variables, which are dynamically replaced with runtime data such as process names, filesystem mount points, or container names. The vulnerability (CVE-2026-32608) stems from the secure_popen() function's method of executing these commands. This function attempts to handle shell pipe, redirect, and chain operators by splitting the command string before passing each segment to subprocess.Popen with shell=False. However, if a Mustache-rendered variable contains shell metacharacters (e.g., |, >, &&), the splitting logic misinterprets these characters, allowing an attacker who can control the content of these variables to inject arbitrary OS commands. This is a classic OS command injection vulnerability categorized under CWE-78. Exploitation requires the attacker to have low-level privileges on the monitored system to influence process or container names but does not require user interaction. The vulnerability affects all Glances versions prior to 4.5.2, where the issue has been fixed by properly sanitizing or handling special characters in the rendered command strings. No known exploits are currently reported in the wild, but the high impact and relatively straightforward exploitation vector make this a significant risk for affected systems.

Successful exploitation of this vulnerability can lead to arbitrary command execution with the privileges of the Glances monitoring process, which typically runs with low privileges but may have access to sensitive system information and control. This can compromise system confidentiality by exposing sensitive data, integrity by allowing unauthorized modification or deletion of files, and availability by enabling denial-of-service conditions or system disruption. In multi-tenant or containerized environments, an attacker could leverage this flaw to escalate privileges or move laterally within the network. Organizations relying on Glances for monitoring critical infrastructure or cloud environments may face operational disruptions, data breaches, or further compromise if attackers exploit this vulnerability. The requirement for local access limits remote exploitation but does not eliminate risk, especially in environments where attackers can gain initial footholds or where process/container names can be influenced remotely.

The primary mitigation is to upgrade Glances to version 4.5.2 or later, where the vulnerability is fixed. Until upgrading, organizations should audit and restrict the use of custom action commands that incorporate Mustache template variables, especially those that may include user- or process-controlled data. Avoid using untrusted input in command templates and consider disabling the action system if not required. Implement strict access controls to limit who can create or modify monitored processes, containers, or filesystem mounts to reduce the risk of injection. Additionally, monitor logs for suspicious command executions and anomalous process or container names containing shell metacharacters. Employ application whitelisting and endpoint detection to detect and prevent unauthorized command execution. Finally, consider running Glances with the least privileges necessary and within isolated environments to contain potential exploitation impact.