Description

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead of the discovered IP. When a dynamic server reports itself as protected, Glances also uses that same untrusted name as the lookup key for saved passwords and the global `[passwords] default` credential. An attacker on the same local network can advertise a fake Glances service over Zeroconf and cause the browser to automatically send a reusable Glances authentication secret to an attacker-controlled host. This affects the background polling path and the REST/WebUI click-through path in Central Browser mode. Version 4.5.2 fixes the issue.

INFO

Published Date :

2026-03-18T17:55:30.552Z

Last Modified :

2026-03-18T18:36:07.432Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-32634 vulnerability.

Vendors Products
Nicolargo
  • Glances
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-32634.

URL Resource
https://github.com/nicolargo/glances/commit/61d38eec521703e41e4933d18d5a5ef6f854abd5 cve-icon cve-icon
https://github.com/nicolargo/glances/releases/tag/v4.5.2 cve-icon cve-icon
https://github.com/nicolargo/glances/security/advisories/GHSA-vx5f-957p-qpvm cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact