Cross-Origin Data Exposure in Glances System Monitoring Tool
CVE-2026-34839

7.7HIGH

Key Information:

Vendor: Nicolargo
Status: Glances
Vendor: CVE Published:; 20 April 2026

What is CVE-2026-34839?

The Glances system monitoring tool has a critical vulnerability that allows unauthenticated access to its REST API endpoint (/api/4/*). This oversight enables cross-origin requests due to a permissive CORS policy (Access-Control-Allow-Origin: *). Consequently, attackers can exploit this weakness to extract sensitive system information from the tool when accessed from a malicious site, potentially compromising user data and system security. The issue has been rectified in version 4.5.4.

Affected Version(s)

glances < 4.5.4

References

https://github.com/nicolargo/glances/security/advisories/...

x_refsource_CONFIRM

https://github.com/nicolargo/glances/commit/fdfb977b1d91b...

x_refsource_MISC

CVSS V4

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 20, 2026
Vulnerability Reserved
Mar 30, 2026

CVE-2026-34839 Data

JSON

Nicolargo

What is CVE-2026-34839?

Affected Version(s)

References

CVSS V4

Timeline