CVE-2026-32596 in glances
Summary
by MITRE • 03/18/2026
Glances is an open-source, cross-platform system monitoring tool. Prior to 4.5.2, the Glances web server runs without authentication by default when started with `glances -w`, exposing a REST API with sensitive system information, including process command lines containing credentials (passwords, API keys, tokens), to any network client. Version 4.5.2 fixes the issue.
Analysis
by VulDB Data Team • 03/22/2026
CVE-2026-32596 represents a critical authentication bypass vulnerability in the Glances monitoring tool that affects versions prior to 4.5.2. This vulnerability stems from the default configuration of the Glances web server when executed with the `-w` flag, which enables the web interface without requiring any form of authentication. The flaw exists in the application's security architecture: the REST API endpoint remains accessible to all network clients without proper access controls, an inherent weakness that violates the fundamental security principles of least privilege and access control.
The technical nature of this vulnerability can be categorized under CWE-305 Authentication Bypass by Primary Weakness and CWE-287 Improper Authentication, as the application fails to implement proper authentication mechanisms for its web interface. When users start Glances with the web server option, the tool automatically binds to a network port and exposes a complete REST API that provides detailed system information, including process command lines. This exposure creates a significant risk because command-line arguments often contain sensitive information such as passwords, API keys, and authentication tokens that are passed as parameters to running processes. The vulnerability is a classic case of an insecure default configuration: the security control is not enabled by default, so administrators must manually enable a safeguard whose absence is not immediately apparent.
The operational impact of this vulnerability is severe and far-reaching across multiple security domains. Network attackers with access to the host system or those who can reach the Glances web server port can immediately access sensitive system information without any authentication requirements. This exposure allows for credential harvesting through process command-line inspection, where attackers can extract passwords, API keys, and other authentication tokens that are inadvertently passed as command-line arguments to processes. The vulnerability also enables reconnaissance activities where attackers can gather detailed information about running processes, system configuration, and potentially identify other vulnerable services or applications running on the same host. This information can be leveraged for further attacks including privilege escalation, lateral movement, and targeted attacks against other systems within the network.
The security implications extend beyond immediate credential exposure to encompass broader attack surface management and compliance concerns. According to the ATT&CK framework, this vulnerability maps to T1083 File and Directory Discovery and T1562 Impair Defenses, as attackers can discover sensitive files and information while potentially impairing the system's defensive capabilities through information disclosure. Organizations using Glances for system monitoring may unknowingly expose their infrastructure to unauthorized access, particularly in environments where multiple users have access to the monitoring tool or where the web server is exposed to untrusted networks. The vulnerability also impacts compliance with various security standards, including ISO 27001, NIST SP 800-53, and PCI DSS, which require proper access controls and authentication mechanisms for systems handling sensitive information.
The remediation for CVE-2026-32596 is straightforward and involves upgrading to version 4.5.2 or later, which implements proper authentication mechanisms for the web server interface. Organizations should also implement additional security controls including network segmentation to restrict access to the Glances web server port, proper firewall rules to limit access to trusted networks only, and regular security audits to ensure that monitoring tools are properly configured. System administrators should review all default configurations for monitoring tools and ensure that security controls are enabled by default rather than relying on manual configuration. The fix addresses the root cause by implementing authentication requirements for accessing the REST API endpoints and preventing unauthorized access to sensitive system information that could otherwise be exploited by malicious actors.
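Because the exposed data is the process list, part of the audit recommended above is finding which local processes carry credentials in their command-line arguments, since that is exactly what an unauthenticated Glances instance would have served. The following Python script is an added example, not Glances code or part of the advisory; its secret-matching patterns and sample process list are constructed, and the `/proc` reader assumes Linux.

```python
import os
import re
from typing import Dict, Iterable, List, Tuple

# Heuristic patterns for credential-bearing argv fragments; each has one capture
# group holding the secret value. Constructed for this example; tune per environment.
SECRET_PATTERNS = [
    ("flag", re.compile(r"(?<!\S)(?:--?)?[a-z_-]*(?:password|passwd|secret|token|api[-_]?key)[=\s]+(\S+)", re.I)),
    ("mysql-p", re.compile(r"(?<!\S)-p(\S+)")),        # mysql-style attached -pVALUE
    ("url", re.compile(r"://[^/\s:@]+:([^@\s]+)@")),   # scheme://user:PASS@host
    ("bearer", re.compile(r"bearer\s+([A-Za-z0-9._-]+)", re.I)),
]

def find_exposed_secrets(cmdlines: Iterable[Tuple[int, str]]) -> List[Dict[str, object]]:
    """Return one finding per credential-looking argument, with the value redacted."""
    findings: List[Dict[str, object]] = []
    for pid, cmdline in cmdlines:
        seen = set()  # avoid reporting the same value twice when two patterns overlap
        for kind, pattern in SECRET_PATTERNS:
            for match in pattern.finditer(cmdline):
                secret = match.group(1)
                if secret in seen:
                    continue
                seen.add(secret)
                findings.append({"pid": pid, "kind": kind,
                                 "redacted": cmdline.replace(secret, "***")})
    return findings

def read_proc_cmdlines(proc_root: str = "/proc") -> List[Tuple[int, str]]:
    """Read argv of every readable process on Linux; /proc/<pid>/cmdline is NUL-separated."""
    result = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as fh:
                argv = [a.decode("utf-8", "replace") for a in fh.read().split(b"\0") if a]
        except OSError:
            continue  # process exited or cmdline not readable
        result.append((int(entry), " ".join(argv)))
    return result

# Constructed sample process list standing in for what the unauthenticated REST API
# would have returned; none of these values are real credentials.
SAMPLE_CMDLINES = [
    (101, "mysql -u app -pSup3rS3cret appdb"),
    (102, "python3 backup.py --password=hunter2 --dest s3://bucket"),
    (103, "curl -H 'Authorization: Bearer eyJhbGciOi.example' https://api.example"),
    (104, "psql postgres://svc:pgpass@db.internal:5432/prod"),
    (105, "nginx: master process /usr/sbin/nginx"),
]

if __name__ == "__main__":
    source = read_proc_cmdlines() if os.path.isdir("/proc") else SAMPLE_CMDLINES
    for f in find_exposed_secrets(source):
        print(f"pid {f['pid']}: {f['kind']}: {f['redacted']}")
```

Every hit is a credential that should move out of argv (into an environment file, a secrets manager, or a config file with restrictive permissions) regardless of the Glances upgrade, since other local users and monitoring tools can read the same process list.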