CVE-2026-32596

UNKNOWN 0.0

Glances exposes the REST API without authentication

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with `glances -w`, exposing REST API with sensitive system information including process command-lines containing credentials (passwords, API keys, tokens) to any network client. Version 4.5.2 fixes the issue.

CWE	CWE-200
Vendor	nicolargo
Product	glances
Published	Mar 18, 2026
Last Updated	Mar 18, 2026

Stay Ahead of the Next One

Get instant alerts for nicolargo glances

Be the first to know when new unknown vulnerabilities affecting nicolargo glances are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

nicolargo / glances

< 4.5.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/nicolargo/glances/security/advisories/GHSA-wvxv-4j8q-4wjq github.com: https://github.com/nicolargo/glances/commit/208d876118fea5758970f33fd7474908bd403d25 github.com: https://github.com/nicolargo/glances/releases/tag/v4.5.2