Authentication Bypass in Glances Monitoring Tool
CVE-2026-32596

8.7HIGH

Key Information:

Vendor

Nicolargo

Status
Glances
Vendor
CVE Published:
18 March 2026

What is CVE-2026-32596?

Glances, a cross-platform open-source system monitoring tool, previously allowed its web server to run without authentication by default when initiated with glances -w. This lack of security exposed its REST API, potentially revealing sensitive system information such as process command-lines that could contain credentials, passwords, API keys, and tokens to any network client. The vulnerability was addressed in version 4.5.2, reinforcing security measures for users.

Affected Version(s)

glances < 4.5.2

References

https://github.com/nicolargo/glances/security/advisories/...
x_refsource_CONFIRM
https://github.com/nicolargo/glances/commit/208d876118fea...
x_refsource_MISC
https://github.com/nicolargo/glances/releases/tag/v4.5.2
x_refsource_MISC

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.