CVE-2026-35587: CWE-918: Server-Side Request Forgery (SSRF) in nicolargo glances
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery (SSRF) vulnerability exists in the Glances IP plugin due to improper validation of the public_api configuration parameter. The value of public_api is used directly in outbound HTTP requests without any scheme restriction or hostname/IP validation. An attacker who can modify the Glances configuration can force the application to send requests to arbitrary internal or external endpoints. Additionally, when public_username and public_password are set, Glances automatically includes these credentials in the Authorization: Basic header, resulting in credential leakage to attacker-controlled servers. This vulnerability can be exploited to access internal network services, retrieve sensitive data from cloud metadata endpoints, and/or exfiltrate credentials via outbound HTTP requests. The issue arises because public_api is passed directly to the HTTP client (urlopen_auth) without validation, allowing unrestricted outbound connections and unintended disclosure of sensitive information. Version 4.5.4 contains a patch.
AI Analysis
Technical Summary
Glances, an open-source cross-platform system monitoring tool, has an SSRF vulnerability (CWE-918) in its IP plugin prior to version 4.5.4. The issue is due to the public_api configuration parameter being used directly in HTTP requests without validating the URL scheme or hostname/IP. This allows an attacker who can modify the configuration to force outbound HTTP requests to arbitrary endpoints, including internal network services or cloud metadata endpoints. Additionally, if public_username and public_password are set, these credentials are automatically included in the Authorization header, risking credential leakage. The vulnerability is fixed in version 4.5.4.
Potential Impact
Exploitation can result in unauthorized internal network access, exposure of sensitive data from internal or cloud metadata services, and leakage of credentials configured in Glances. The vulnerability has a CVSS 4.0 score of 7.3 (high severity), indicating significant risk if an attacker can modify the configuration. There are no known exploits in the wild at this time.
Mitigation Recommendations
Upgrade Glances to version 4.5.4 or later, where this SSRF vulnerability is patched. Until the upgrade, restrict access to the Glances configuration to trusted users only to prevent unauthorized modification of the public_api parameter. No other vendor advisory or patch links are provided, so check the official Glances release notes for confirmation and further guidance.
CVE-2026-35587: CWE-918: Server-Side Request Forgery (SSRF) in nicolargo glances
Description
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery (SSRF) vulnerability exists in the Glances IP plugin due to improper validation of the public_api configuration parameter. The value of public_api is used directly in outbound HTTP requests without any scheme restriction or hostname/IP validation. An attacker who can modify the Glances configuration can force the application to send requests to arbitrary internal or external endpoints. Additionally, when public_username and public_password are set, Glances automatically includes these credentials in the Authorization: Basic header, resulting in credential leakage to attacker-controlled servers. This vulnerability can be exploited to access internal network services, retrieve sensitive data from cloud metadata endpoints, and/or exfiltrate credentials via outbound HTTP requests. The issue arises because public_api is passed directly to the HTTP client (urlopen_auth) without validation, allowing unrestricted outbound connections and unintended disclosure of sensitive information. Version 4.5.4 contains a patch.
CVSS v4.0
Score 7.3high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Glances, an open-source cross-platform system monitoring tool, has an SSRF vulnerability (CWE-918) in its IP plugin prior to version 4.5.4. The issue is due to the public_api configuration parameter being used directly in HTTP requests without validating the URL scheme or hostname/IP. This allows an attacker who can modify the configuration to force outbound HTTP requests to arbitrary endpoints, including internal network services or cloud metadata endpoints. Additionally, if public_username and public_password are set, these credentials are automatically included in the Authorization header, risking credential leakage. The vulnerability is fixed in version 4.5.4.
Potential Impact
Exploitation can result in unauthorized internal network access, exposure of sensitive data from internal or cloud metadata services, and leakage of credentials configured in Glances. The vulnerability has a CVSS 4.0 score of 7.3 (high severity), indicating significant risk if an attacker can modify the configuration. There are no known exploits in the wild at this time.
Mitigation Recommendations
Upgrade Glances to version 4.5.4 or later, where this SSRF vulnerability is patched. Until the upgrade, restrict access to the Glances configuration to trusted users only to prevent unauthorized modification of the public_api parameter. No other vendor advisory or patch links are provided, so check the official Glances release notes for confirmation and further guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-03T20:09:02.828Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e6b73b19fe3cd2cd3f2d1b
Added to database: 4/20/2026, 11:31:07 PM
Last enriched: 4/28/2026, 5:55:30 AM
Last updated: 6/2/2026, 2:49:19 AM
Views: 70
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.