{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32634", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-12T15:29:36.559Z", "datePublished": "2026-03-18T17:55:30.552Z", "dateUpdated": "2026-03-18T18:36:07.432Z"}, "containers": {"cna": {"title": "Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers", "problemTypes": [{"descriptions": [{"cweId": "CWE-346", "lang": "en", "description": "CWE-346: Origin Validation Error", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-522", "lang": "en", "description": "CWE-522: Insufficiently Protected Credentials", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/nicolargo/glances/security/advisories/GHSA-vx5f-957p-qpvm", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nicolargo/glances/security/advisories/GHSA-vx5f-957p-qpvm"}, {"name": "https://github.com/nicolargo/glances/commit/61d38eec521703e41e4933d18d5a5ef6f854abd5", "tags": ["x_refsource_MISC"], "url": "https://github.com/nicolargo/glances/commit/61d38eec521703e41e4933d18d5a5ef6f854abd5"}, {"name": "https://github.com/nicolargo/glances/releases/tag/v4.5.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/nicolargo/glances/releases/tag/v4.5.2"}], "affected": [{"vendor": "nicolargo", "product": "glances", "versions": [{"version": "< 4.5.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-18T17:55:30.552Z"}, "descriptions": [{"lang": "en", "value": "Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead of the discovered IP. When a dynamic server reports itself as protected, Glances also uses that same untrusted name as the lookup key for saved passwords and the global `[passwords] default` credential. An attacker on the same local network can advertise a fake Glances service over Zeroconf and cause the browser to automatically send a reusable Glances authentication secret to an attacker-controlled host. This affects the background polling path and the REST/WebUI click-through path in Central Browser mode. Version 4.5.2 fixes the issue."}], "source": {"advisory": "GHSA-vx5f-957p-qpvm", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-vx5f-957p-qpvm", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-18T18:36:04.743026Z", "id": "CVE-2026-32634", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T18:36:07.432Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32634", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-18T18:36:04.743026Z"}}}], "references": [{"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-vx5f-957p-qpvm", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T18:35:59.754Z"}}], "cna": {"title": "Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers", "source": {"advisory": "GHSA-vx5f-957p-qpvm", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "nicolargo", "product": "glances", "versions": [{"status": "affected", "version": "< 4.5.2"}]}], "references": [{"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-vx5f-957p-qpvm", "name": "https://github.com/nicolargo/glances/security/advisories/GHSA-vx5f-957p-qpvm", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/nicolargo/glances/commit/61d38eec521703e41e4933d18d5a5ef6f854abd5", "name": "https://github.com/nicolargo/glances/commit/61d38eec521703e41e4933d18d5a5ef6f854abd5", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/nicolargo/glances/releases/tag/v4.5.2", "name": "https://github.com/nicolargo/glances/releases/tag/v4.5.2", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead of the discovered IP. When a dynamic server reports itself as protected, Glances also uses that same untrusted name as the lookup key for saved passwords and the global `[passwords] default` credential. An attacker on the same local network can advertise a fake Glances service over Zeroconf and cause the browser to automatically send a reusable Glances authentication secret to an attacker-controlled host. This affects the background polling path and the REST/WebUI click-through path in Central Browser mode. Version 4.5.2 fixes the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-346", "description": "CWE-346: Origin Validation Error"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-522", "description": "CWE-522: Insufficiently Protected Credentials"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-18T17:55:30.552Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32634", "state": "PUBLISHED", "dateUpdated": "2026-03-18T18:36:07.432Z", "dateReserved": "2026-03-12T15:29:36.559Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-18T17:55:30.552Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nicolargo:glances:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FC19E01-80F1-43BB-912C-39FE99143A59", "versionEndExcluding": "4.5.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead of the discovered IP. When a dynamic server reports itself as protected, Glances also uses that same untrusted name as the lookup key for saved passwords and the global `[passwords] default` credential. An attacker on the same local network can advertise a fake Glances service over Zeroconf and cause the browser to automatically send a reusable Glances authentication secret to an attacker-controlled host. This affects the background polling path and the REST/WebUI click-through path in Central Browser mode. Version 4.5.2 fixes the issue."}], "id": "CVE-2026-32634", "lastModified": "2026-03-19T19:03:47.010", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-18T18:16:29.097", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/nicolargo/glances/commit/61d38eec521703e41e4933d18d5a5ef6f854abd5"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/nicolargo/glances/releases/tag/v4.5.2"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/nicolargo/glances/security/advisories/GHSA-vx5f-957p-qpvm"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/nicolargo/glances/security/advisories/GHSA-vx5f-957p-qpvm"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-346"}, {"lang": "en", "value": "CWE-522"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.5.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "glances", "source": "cna", "vendor": "nicolargo"}, "product": "glances", "vendor": "nicolargo"}], "analysis": {"en": {"generated_at": "2026-03-19T20:24:30.666767+00:00", "value": {"mitigation_remediation": ["Upgrade Glances to version 4.5.2 or newer"], "summary": {"action": "Immediate Patch", "impact": "Credential Disclosure"}, "threat_synthesis": {"affected_systems": "Affected systems include the open-source Glances monitoring tool from the vendor nicolargo. Versions prior to 4.5.2 are vulnerable. The issue was addressed in release 4.5.2, which corrects the use of the advertised name in connection logic.", "description_and_impact": "The vulnerability in Glances allows a local network attacker to spoof a Zeroconf advertisement for a Glances server. Glances incorrectly uses the untrusted advertised name to build connection URIs and to look up stored credentials for protected servers. This behavior results in Glances automatically sending a reusable authentication secret to the attacker-controlled host. The impact is the disclosure of authentication credentials that can grant unauthorized access to the Glances system. The weakness can be classified as CWE-346 and CWE-522.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 8.1, indicating high severity, while the EPSS score is below 1% and the issue is not currently listed in the CISA KEV catalogue. Exploitation requires the attacker to be on the same local network and to advertise a fake Glances service via Zeroconf. Because the attack vector is limited to a local network and the probability of exploitation is low, the risk is moderate to high for environments where Glances Central Browser mode is enabled and exposed to untrusted local networks. Prompt patching and network segmentation are advisable."}}}}, "created": "2026-03-19T08:55:47.873572+00:00", "updated": "2026-03-24T10:58:05.699659+00:00", "vendors": ["nicolargo", "nicolargo$PRODUCT$glances"]}