Cross-platform Monitoring Tool Vulnerability in Glances by Nicolargo
CVE-2026-32634

8.1HIGH

Key Information:

Vendor

Nicolargo

Status
Glances
Vendor
CVE Published:
18 March 2026

What is CVE-2026-32634?

Glances, an open-source cross-platform monitoring tool, contains a vulnerability that affects its Central Browser mode. Prior to version 4.5.2, the application inadvertently stores the untrusted server name advertised through Zeroconf, using this name rather than the verified IP address when building connection URIs. This flaw may enable attackers on the same local network to present a fraudulent Glances service, resulting in the automatic transmission of reusable Glances authentication secrets to the attacker's controlled host, potentially compromising sensitive data. Version 4.5.2 addresses this issue, enhancing the security of user credentials through improved name verification.

Affected Version(s)

glances < 4.5.2

References

https://github.com/nicolargo/glances/security/advisories/...
x_refsource_CONFIRM
https://github.com/nicolargo/glances/commit/61d38eec52170...
x_refsource_MISC
https://github.com/nicolargo/glances/releases/tag/v4.5.2
x_refsource_MISC

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.