CVE-2026-32634 in glances정보

요약

\~에 의해 MITRE • 2026. 03. 18.

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead of the discovered IP. When a dynamic server reports itself as protected, Glances also uses that same untrusted name as the lookup key for saved passwords and the global `[passwords] default` credential. An attacker on the same local network can advertise a fake Glances service over Zeroconf and cause the browser to automatically send a reusable Glances authentication secret to an attacker-controlled host. This affects the background polling path and the REST/WebUI click-through path in Central Browser mode. Version 4.5.2 fixes the issue.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

책임이 있는

GitHub M

예약하다

2026. 03. 12.

공개

2026. 03. 18.

모더레이션

수락

항목

VDB-351595

CPE

준비됨

CWE

CWE-346 (확인됨)

CVSS

8.1 (CNA)

EPSS

0.00018

KEV

아니요

활동

매우 낮음

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-32634
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-32634
CVE Details	https://www.cvedetails.com/cve/CVE-2026-32634/

◂ 이전 개요 다음 ▸

Want to know what is going to be exploited?

We predict KEV entries!