SSRF in Nicolargo Glances

CVE-2026-35587

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery (SSRF) vulnerability exists in the Glances IP plugin due to improper validation of the public_api configuration paramete…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.000 (5.9th percentile) — read the EPSS interpretation.

Affected products

Nicolargo Glances — versions < 4.5.4

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

References

https://github.com/nicolargo/glances/security/advisories/GHSA-g5pq-48mj-jvw8 (x_refsource_CONFIRM)
https://github.com/nicolargo/glances/commit/d6808be66728956477cc4b544bab1acd71ac65fb (x_refsource_MISC)