
CVE-2026-32632: CWE-346: Origin Validation Error in nicolargo glances

Severity: Medium
Tags: Vulnerability, CVE-2026-32632, CWE-346
Published: Wed Mar 18 2026 (03/18/2026, 17:47:25 UTC)
Source: CVE Database V5
Vendor/Project: nicolargo
Product: glances

Description

Glances is an open-source, cross-platform system monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2 the main REST/WebUI FastAPI application still accepts arbitrary `Host` headers and does not apply `TrustedHostMiddleware` or an equivalent host allowlist. As a result, the REST API, WebUI, and token endpoint remain reachable through attacker-controlled domains in classic DNS rebinding scenarios. Once the victim browser has rebound the attacker's domain to the address of the Glances service, the same-origin policy no longer protects the API, because the browser considers the rebinding domain to be the origin. This is a distinct issue from the previously reported default CORS weakness: CORS is not required for exploitation here, because DNS rebinding causes the victim browser to treat the malicious domain as same-origin with the rebinding target. Version 4.5.2 contains a patch for the issue.

AI-Powered Analysis

AI analysis last updated: 03/18/2026, 18:12:37 UTC

Technical Analysis

Glances is a cross-platform system monitoring tool that exposes a REST API and WebUI for system metrics and management. Prior to version 4.5.2, the main FastAPI application accepted any `Host` header without enforcing `TrustedHostMiddleware` or a host allowlist, so the server never checked whether the name the client used to reach it was one the operator intended to serve. DNS rebinding protection had been added for the MCP endpoint, but the REST API, WebUI, and token endpoint remained unprotected. In a DNS rebinding attack the victim's browser loads a page from an attacker-controlled domain whose DNS record has a very short TTL; the attacker then changes that record to point at the address of the Glances service (typically 127.0.0.1 or an internal IP reachable from the victim's machine). Subsequent requests from the attacker's page go to Glances but carry the attacker's domain as the origin and `Host`, so from the browser's point of view they are same-origin: the same-origin policy is not bypassed, it simply does not apply, and the page can read API responses. This is why the issue is distinct from a CORS misconfiguration: no cross-origin grant is needed, and a `Host` allowlist on the server is the control that stops it, since the rebound request arrives with a `Host` the server should refuse. The CVSS 3.1 base score is 5.9 (medium): network attack vector, high attack complexity (the attacker must control a domain and win the rebinding timing), no privileges required, user interaction required (the victim must visit the attacker's page), high confidentiality impact, low integrity impact, and no availability impact. No exploitation in the wild is reported as of this analysis. Version 4.5.2 fixes the issue by validating the `Host` header against an allowlist.
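The following is an added example, not code from Glances or from this advisory. It shows the missing check as a minimal ASGI host-allowlist middleware that behaves like Starlette's `TrustedHostMiddleware`, driven entirely in memory so it runs without FastAPI installed. The stand-in application `metrics_app`, the allowlist, the hostnames and the `/api/4/cpu` path are hypothetical; `rebind.attacker.example` plays the role of the attacker's rebound domain.

```python
"""Host-allowlist check for an ASGI app (hypothetical example, not Glances code).

A rebound request reaches the server with the attacker's domain in the Host
header. The pre-4.5.2 behaviour (no check) answers it; the hardened wrapper
refuses it with 400 before any route runs.
"""
import asyncio
from typing import Iterable, Optional, Tuple


def host_allowed(host_header: Optional[str], allowed: Iterable[str]) -> bool:
    """True if the Host header names a host we intend to serve.

    Strips whitespace and an optional port (IPv6 literals included);
    "*.example" entries match any subdomain; a missing Host is rejected.
    """
    if not host_header:
        return False
    host = host_header.strip().lower()
    if host.startswith("["):                      # "[::1]:61208" -> "[::1]"
        host = host.split("]", 1)[0] + "]"
    elif host.count(":") == 1:                    # "127.0.0.1:61208" -> "127.0.0.1"
        host = host.rsplit(":", 1)[0]
    for pattern in (p.lower() for p in allowed):
        if pattern == "*":                        # explicit opt-out: no protection
            return True
        if pattern.startswith("*.") and host.endswith(pattern[1:]):
            return True
        if host == pattern:
            return True
    return False


def trusted_host(app, allowed_hosts: Iterable[str]):
    """Wrap an ASGI app so HTTP requests with an unexpected Host get 400."""
    allowed = list(allowed_hosts)

    async def wrapped(scope, receive, send):
        if scope["type"] != "http":
            return await app(scope, receive, send)
        host = None
        for name, value in scope.get("headers", []):
            if name == b"host":
                host = value.decode("latin-1")
                break
        if not host_allowed(host, allowed):
            await send({"type": "http.response.start", "status": 400,
                        "headers": [(b"content-type", b"text/plain")]})
            await send({"type": "http.response.body", "body": b"Invalid host header"})
            return
        await app(scope, receive, send)

    return wrapped


async def metrics_app(scope, receive, send):
    """Stand-in for the monitoring REST API: returns data an attacker wants."""
    await send({"type": "http.response.start", "status": 200,
                "headers": [(b"content-type", b"application/json")]})
    await send({"type": "http.response.body", "body": b'{"cpu": 42}'})


def simulate_request(app, host: Optional[str], path: str = "/api/4/cpu") -> Tuple[int, bytes]:
    """Drive an ASGI app in memory (no network, no server) and return (status, body)."""
    headers = [] if host is None else [(b"host", host.encode("latin-1"))]
    scope = {"type": "http", "method": "GET", "path": path, "headers": headers}
    sent = []

    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}

    async def send(message):
        sent.append(message)

    asyncio.run(app(scope, receive, send))
    status = sent[0]["status"]
    body = b"".join(m.get("body", b"") for m in sent if m["type"] == "http.response.body")
    return status, body


ALLOWED = ["localhost", "127.0.0.1", "[::1]", "glances.internal"]   # hypothetical allowlist
vulnerable = metrics_app                      # pre-4.5.2 behaviour: Host never checked
hardened = trusted_host(metrics_app, ALLOWED)  # what a TrustedHostMiddleware-style fix adds

if __name__ == "__main__":
    for label, app in (("vulnerable", vulnerable), ("hardened", hardened)):
        for host in ("127.0.0.1:61208", "rebind.attacker.example:61208", None):
            print(f"{label:10} Host={host!s:32} -> {simulate_request(app, host)}")
```

The rebound request is indistinguishable from a legitimate one at the network layer; the only server-side signal is the `Host` value, which is why binding to localhost or adding firewall rules does not replace this check. Note that the allowlist must include every name and address operators actually use to reach the UI, or legitimate access breaks with the same 400.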

Potential Impact

This vulnerability can lead to unauthorized disclosure of system monitoring data, including system metrics, running processes, and potentially token information from the token endpoint, compromising confidentiality. Because the attacker's page is treated as same-origin with the rebound service, its scripts can read API responses with the victim browser's network position, reaching instances bound to localhost or to an internal network that the attacker could not otherwise contact. Integrity impact is low and availability impact is none, but the exposed data (process lists, users, network and disk detail) is useful reconnaissance for follow-on attacks. Organizations that run Glances on workstations or servers whose users browse the web, or that expose it in multi-tenant environments, are at higher risk. The need for user interaction (visiting a malicious page) rules out fully automated exploitation but not targeted phishing or watering-hole attacks, and the high attack complexity reflects rebinding timing rather than any difficulty once the victim is on the page. The medium CVSS score captures these factors; in critical infrastructure environments the sensitivity of the leaked monitoring data raises the concern.

Mitigation Recommendations

The primary mitigation is to upgrade Glances to version 4.5.2 or later, which validates the `Host` header against an allowlist in the REST/WebUI application. Until then, reduce exposure: bind the web server to a specific interface rather than all addresses (the `-B`/`--bind` option), and restrict access with network segmentation and firewall rules. Be clear about what this buys: the victim of a rebinding attack is the browser of a user who can reach the service, so network restrictions limit who can be victimized but do not stop rebinding from a machine that legitimately has access, including the host Glances runs on if it is bound to localhost. A reverse proxy in front of Glances can enforce the missing check now by rejecting requests whose `Host` is not the expected name or address. Resolver-side rebinding protection helps for browsers that use a controlled resolver: dnsmasq's `stop-dns-rebind` and Unbound's `private-address` options refuse public names that resolve to private or loopback addresses. Monitor proxy or server logs for `Host` values that are not names you serve; a 200 response to such a request is direct evidence the instance is unpatched. User awareness (not visiting untrusted sites) is a weak control on its own. A VPN or tunnel does not by itself defeat rebinding, because the victim's browser on the VPN can still reach the service; it is only useful as an access restriction. Finally, apply strict host validation to any other internal web services that assume they are unreachable from the internet, since the same technique applies to them.
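As an added example of the log monitoring recommended above (not code from Glances, OffSeq or this advisory), the following scans reverse-proxy access log lines for `Host` values outside the allowlist and separates rebindable names from bare IP literals, which cannot be the target of a DNS rebinding. It assumes a proxy in front of Glances that logs the request `Host` (for nginx, `$host` in `log_format`); the log lines, addresses, hostnames and request paths are constructed for the example.

```python
"""Flag access-log entries whose Host header is not a name we serve.

Hypothetical example: assumes an nginx-style log_format of
  $remote_addr - - [$time_local] "$request" $status $host
The SAMPLE_LOG lines are constructed, not real traffic.
"""
import ipaddress
import re
from collections import Counter
from typing import Dict, Iterable, List

SAMPLE_LOG = """\
10.0.0.5 - - [18/Mar/2026:17:50:01 +0000] "GET /api/4/cpu HTTP/1.1" 200 glances.internal:61208
10.0.0.5 - - [18/Mar/2026:17:50:02 +0000] "GET /api/4/mem HTTP/1.1" 200 glances.internal:61208
10.0.0.23 - - [18/Mar/2026:17:51:10 +0000] "GET /api/4/cpu HTTP/1.1" 200 rebind.attacker.example:61208
10.0.0.23 - - [18/Mar/2026:17:51:11 +0000] "GET /api/4/processlist HTTP/1.1" 200 rebind.attacker.example:61208
10.0.0.9 - - [18/Mar/2026:17:52:00 +0000] "GET / HTTP/1.1" 200 203.0.113.7
garbage line that does not parse
"""

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<host>\S+)$'
)


def parse_line(line: str):
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def unexpected_host_requests(log_text: str, allowed_hosts: Iterable[str]) -> List[Dict[str, str]]:
    """Return records whose Host (port stripped) is not in the allowlist."""
    allowed = {h.lower() for h in allowed_hosts}
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        host = rec["host"].lower().rsplit(":", 1)[0]   # "name:61208" -> "name"
        if host not in allowed:
            hits.append({"src": rec["src"], "host": host, "time": rec["time"],
                         "request": rec["req"], "status": rec["status"]})
    return hits


def looks_like_rebinding(hit: Dict[str, str]) -> bool:
    """A DNS name we do not serve is the rebinding signature; a bare IP literal
    (someone typing the address into a browser) cannot be rebound."""
    try:
        ipaddress.ip_address(hit["host"].strip("[]"))
        return False
    except ValueError:
        return True


def by_source(hits: Iterable[Dict[str, str]]) -> Counter:
    """Aggregate (client address, Host) pairs, which is what an alert should carry."""
    return Counter((h["src"], h["host"]) for h in hits)


def served_while_unpatched(hits: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Rebinding-style requests answered with 2xx: evidence the Host check is absent."""
    return [h for h in hits if looks_like_rebinding(h) and h["status"].startswith("2")]


if __name__ == "__main__":
    hits = unexpected_host_requests(SAMPLE_LOG, ["glances.internal", "localhost", "127.0.0.1"])
    for (src, host), n in by_source(hits).items():
        kind = "REBINDING?" if looks_like_rebinding({"host": host}) else "unexpected IP"
        print(f"{kind:14} src={src:12} host={host:28} requests={n}")
    print("served while unpatched:", len(served_while_unpatched(hits)))
```

After upgrading to 4.5.2 the same rebound requests should appear with status 400 and an empty `served_while_unpatched` list; a 200 for a foreign `Host` after the upgrade means the request is reaching an unpatched or differently configured instance.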


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2026-03-12T15:29:36.559Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69bae7bf771bdb1749b795a3

Added to database: 3/18/2026, 5:58:23 PM

Last enriched: 3/18/2026, 6:12:37 PM

Last updated: 3/19/2026, 5:36:29 AM
