Cross-Origin Request Vulnerability in Glances Monitoring Tool by Glances
CVE-2026-32610

8.1HIGH

Key Information:

Vendor

Nicolargo

Status
Glances
Vendor
CVE Published:
18 March 2026

What is CVE-2026-32610?

The Glances monitoring tool, prior to version 4.5.2, is susceptible to a cross-origin resource sharing (CORS) misconfiguration in its REST API. The default CORS setup permits the use of wildcard origins alongside credentialed requests, leading to potential security risks. This flaw allows any website to execute cross-origin API requests with user credentials, which may result in unauthorized access to sensitive system monitoring data, configuration secrets, and even command line arguments from any active browser session connected to a Glances instance. The issue is resolved in version 4.5.2.

Affected Version(s)

glances < 4.5.2

References

https://github.com/nicolargo/glances/security/advisories/...
x_refsource_CONFIRM
https://github.com/nicolargo/glances/commit/4465169b71d93...
x_refsource_MISC
https://github.com/nicolargo/glances/releases/tag/v4.5.2
x_refsource_MISC

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.