CVE-2026-32596
Published: 18 March 2026
Summary
CVE-2026-32596 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Nicolargo Glances. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 28.1% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a publicly referenced proof of concept.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and CM-6 (Configuration Settings).
Deeper analysis
Glances is an open-source cross-platform system monitoring tool whose web server component, when invoked with the `glances -w` flag, exposes a REST API without authentication prior to version 4.5.2. The affected interface returns sensitive system data, including process command lines that may contain credentials such as passwords, API keys, and tokens, to any unauthenticated network client. The issue is tracked as CVE-2026-32596 with a CVSS 4.0 score of 8.7 and is classified under CWE-200.
An attacker with network access to an instance started in web mode can retrieve the exposed REST endpoints and extract credential material directly from process listings without requiring prior authentication or user interaction. This allows passive collection of secrets that may be used for further compromise of the monitored system or connected services.
The official GitHub security advisory GHSA-wvxv-4j8q-4wjq, the v4.5.2 release notes, and the associated commit 208d876118fea5758970f33fd7474908bd403d25 state that the vulnerability is resolved in version 4.5.2, which adds authentication controls to the web server by default.
The EPSS probability rose from a low baseline to a peak of 0.0606 on 2026-04-29 before receding to the current value of 0.0406, indicating that exploitation interest emerged after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-12777
Vulnerability details
Glances is an open-source cross-platform system monitoring tool. Prior to 4.5.2, the Glances web server runs without authentication by default when started with `glances -w`, exposing a REST API with sensitive system information, including process command lines containing credentials (passwords, API keys, tokens), to any network client. Version 4.5.2 fixes the issue.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated network exposure of the Glances REST API directly enables remote exploitation of a public-facing monitoring service (T1190) to retrieve system and process data (System Information Discovery, T1082; Process Discovery, T1057) that contains credentials (Unsecured Credentials, T1552).
Mitigating Controls (NIST 800-53 r5)
- AC-14 (Permitted Actions Without Identification or Authentication): identifies and restricts the actions, such as reading sensitive REST API endpoints, that may be performed without identification or authentication, so the data is no longer served to any network client.
- CM-6 (Configuration Settings): enforces a secure configuration for the Glances web server that requires authentication, countering the default unauthenticated exposure of sensitive system information.
- Least functionality: prohibits or restricts unnecessary functions such as the unauthenticated web server mode, minimizing the attack surface for leakage of process command-line data.
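The controls above reduce to two verifiable conditions: the web server must refuse anonymous requests, and the processes it monitors should not carry secrets on their command lines in the first place (so that even an authenticated reader sees nothing sensitive). The following audit helper is an added example written for this page, not code from the Glances project or the advisory. It assumes, without confirmation from the page, that Glances 4.x serves its REST API under `/api/4/`, that a `processlist` endpoint returns a JSON list of objects with `pid`, `name` and `cmdline` keys, and that an instance with authentication enabled answers an anonymous request with HTTP 401; the host, port and process data are constructed, and `http_fetch`, `assess` and `demo_fetch` are hypothetical names.

```python
"""Configuration check for the unauthenticated Glances web server (CVE-2026-32596).

Hypothetical audit helper written for this page; it is not part of Glances.
Assumptions not taken from the advisory: Glances 4.x serves its REST API
under /api/4/, a 'processlist' endpoint returns a JSON list of objects with
'pid', 'name' and 'cmdline' (list of strings) keys, and an instance with
authentication enabled answers an anonymous request with HTTP 401.
"""
import json
import re
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Tuple

Fetcher = Callable[[str], Tuple[int, str]]

# Command-line arguments that commonly carry credential material.
# Constructed for this example; tune it to your own environment.
SECRET_ARG_RE = re.compile(
    r"(?i)--?(?:password|passwd|pwd|token|api[-_]?key|secret)(?:=|\s)\S+"
    r"|(?:AKIA|ghp_|xox[bp]-)[A-Za-z0-9_\-]{8,}"
)


def http_fetch(url: str, timeout: float = 5.0) -> Tuple[int, str]:
    """Anonymous GET returning (status, body); HTTP errors are returned, not raised."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def processes_leaking_secrets(body: str) -> List[Tuple[int, str]]:
    """Return (pid, name) for processes whose argv would expose a secret.

    Only the process identity is reported; the secret itself is never echoed,
    so the report can be handed to the owners of those processes for cleanup
    (move the value to an environment variable or a protected file).
    """
    try:
        entries = json.loads(body)
    except ValueError:
        return []
    hits = []
    for proc in entries if isinstance(entries, list) else []:
        cmdline = proc.get("cmdline") or []
        joined = " ".join(cmdline) if isinstance(cmdline, list) else str(cmdline)
        if SECRET_ARG_RE.search(joined):
            hits.append((proc.get("pid"), proc.get("name")))
    return hits


def assess(base_url: str, fetch: Fetcher = http_fetch) -> Dict[str, object]:
    """Classify one Glances web instance: does the REST API answer anonymously?"""
    status, body = fetch(base_url.rstrip("/") + "/api/4/processlist")
    if status in (401, 403):
        return {"exposed": False, "status": status, "leaking": []}
    if status == 200:
        return {"exposed": True, "status": status,
                "leaking": processes_leaking_secrets(body)}
    return {"exposed": None, "status": status, "leaking": []}


# Constructed sample of what a pre-4.5.2 instance would return (not real data).
SAMPLE_PROCESSLIST = json.dumps([
    {"pid": 1001, "name": "nginx", "cmdline": ["nginx", "-g", "daemon off;"]},
    {"pid": 4242, "name": "mysqldump",
     "cmdline": ["mysqldump", "--user=app", "--password=EXAMPLE-NOT-REAL", "appdb"]},
    {"pid": 5150, "name": "python3",
     "cmdline": ["python3", "worker.py", "--api-key", "EXAMPLEKEY000000"]},
])


def demo_fetch(url: str) -> Tuple[int, str]:
    """Stand-in for http_fetch that simulates an unauthenticated instance."""
    return 200, SAMPLE_PROCESSLIST


if __name__ == "__main__":
    # Swap demo_fetch for http_fetch to check a host you administer.
    report = assess("http://monitor.example:61208", fetch=demo_fetch)
    print("REST API answers anonymously:", report["exposed"])
    for pid, name in report["leaking"]:
        print(f"  pid {pid} ({name}) passes a secret on its command line")
```

A result of `exposed: True` means the instance is running in the pre-4.5.2 default and needs either the 4.5.2 upgrade or the web server's authentication enabled (CM-6); a non-empty `leaking` list points at processes that would have handed out credentials to any client and should be fixed regardless of the Glances version, since any process-listing tool shows the same argv.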