Bug 2493125 (CVE-2026-53925)
| Summary: | CVE-2026-53925 glances: Glances: Command injection allows arbitrary code execution | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in Glances, an open-source system monitoring tool. The `secure_popen()` function, which executes system commands, fails to properly validate command strings, allowing special operators like file redirection and command chaining to be interpreted. An attacker who can modify the Glances configuration file can leverage this vulnerability to execute arbitrary commands or write arbitrary content to files on the system. This could lead to unauthorized code execution and data manipulation.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2494487, 2494488 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-06-25 19:03:47 UTC
|