CVE-2026-32596
- Source
- https://cve.org/CVERecord?id=CVE-2026-32596
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32596.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-32596
- Aliases
- Downstream
- Related
- Published
- 2026-03-18T05:18:11.547Z
- Modified
- 2026-04-02T13:25:06.851842Z
- Severity
-
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Glances exposes the REST API without authentication
- Details
-
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with
glances -w, exposing REST API with sensitive system information including process command-lines containing credentials (passwords, API keys, tokens) to any network client. Version 4.5.2 fixes the issue. - Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32596.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-200" ] }- References
-
- https://github.com/nicolargo/glances/releases/tag/v4.5.2
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32596.json
- https://github.com/nicolargo/glances/security/advisories/GHSA-wvxv-4j8q-4wjq
- https://nvd.nist.gov/vuln/detail/CVE-2026-32596
- https://github.com/nicolargo/glances/commit/208d876118fea5758970f33fd7474908bd403d25
Affected packages
Git / github.com/nicolargo/glances
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nicolargo/glances
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.0
v1.1.2
v1.1.3
v1.2
v1.3
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.4
v1.4.1
v1.4.1.1
v1.4.2
v1.4.2.1
v1.5
v1.5.1
v1.5.2
v1.6
v1.6.1
v1.7
v1.7.1
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.7.6
v1.7.7
v2.*
v2.0
v2.0.1
v2.1
v2.1.1
v2.1.2
v2.10
v2.11
v2.11.1
v2.2
v2.2.1
v2.3
v2.4
v2.4.1
v2.4.2
v2.5
v2.5.1
v2.6
v2.6.1
v2.6.2
v2.7
v2.7.1
v2.7.1_1
v2.7_RC1
v2.8
v2.8.1
v2.8.1_1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.9.0
v2.9.1
v3.*
v3.0
v3.0.1
v3.0.2
v3.1.0
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.1.4.1
v3.1.5
v3.1.6
v3.1.6.1
v3.1.6.2
v3.1.7
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.2.3.1
v3.2.4
v3.2.4.1
v3.2.4.2
v3.2.5
v3.2.6
v3.2.6.1
v3.2.6.2
v3.2.6.3
v3.2.6.4
v3.2.7
v3.3.0
v3.3.0.1
v3.3.0.2
v3.3.0.3
v3.3.0.4
v3.3.1
v3.3.1.1
v3.4.0
v3.4.0.1
v3.4.0.2
v3.4.0.3
v3.4.0.4
v3.4.0.5
v4.*
v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.1.0
v4.1.1
v4.1.2
v4.1.2.1
v4.2.0
v4.2.1
v4.3.0
v4.3.0.1
v4.3.0.2
v4.3.0.3
v4.3.0.4
v4.3.0.5
v4.3.0.6
v4.3.0.7
v4.3.0.8
v4.3.1
v4.3.2
v4.3.3
v4.4.0
v4.4.1
v4.5.0
v4.5.0.1
v4.5.0.2
v4.5.0.3
v4.5.0.4
v4.5.0.5
v4.5.1