Description

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, the Glances REST API web server ships with a default CORS configuration that sets `allow_origins=["*"]` combined with `allow_credentials=True`. When both of these options are enabled together, Starlette's `CORSMiddleware` reflects the requesting `Origin` header value in the `Access-Control-Allow-Origin` response header instead of returning the literal `*` wildcard. This effectively grants any website the ability to make credentialed cross-origin API requests to the Glances server, enabling cross-site data theft of system monitoring information, configuration secrets, and command line arguments from any user who has an active browser session with a Glances instance. Version 4.5.2 fixes the issue.

INFO

Published Date :

2026-03-18T16:31:12.154Z

Last Modified :

2026-03-18T16:59:40.327Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-32610 vulnerability.

Vendors Products
Nicolargo
  • Glances
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-32610.

URL Resource
https://github.com/nicolargo/glances/commit/4465169b71d93991f1e49740fe02428291099832 cve-icon cve-icon
https://github.com/nicolargo/glances/releases/tag/v4.5.2 cve-icon cve-icon
https://github.com/nicolargo/glances/security/advisories/GHSA-9jfm-9rc6-2hfq cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact