Cyber Resilience

CVE-2026-32596

Severity: High · Public PoC referenced

Published: 18 March 2026
Modified: 18 March 2026
KEV Added: not listed
Patch: available (version 4.5.2)
CVSS Score (v4): 8.7
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0155 (71.9th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-32596 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Nicolargo Glances. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 28.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and CM-6 (Configuration Settings).

Deeper analysis

Glances is an open-source, cross-platform system monitoring tool. Its web server component, started with the `glances -w` flag, exposes a REST API without authentication in versions prior to 4.5.2. The affected interface returns sensitive system data, including process command lines that may contain credentials such as passwords, API keys, and tokens, to any unauthenticated network client. The issue is tracked as CVE-2026-32596 with a CVSS 4.0 score of 8.7 and is classified under CWE-200.

An attacker with network access to an instance running in web mode can query the exposed REST endpoints and read credential material directly from process listings, with no prior authentication or user interaction. This allows passive collection of secrets that may then be used to compromise the monitored system or the connected services those credentials grant access to.

The official GitHub security advisory GHSA-wvxv-4j8q-4wjq, the v4.5.2 release notes, and the associated commit 208d876118fea5758970f33fd7474908bd403d25 state that the vulnerability is resolved in version 4.5.2, which adds authentication controls to the web server by default.

The EPSS probability rose from a low baseline to a peak of 0.0606 on 2026-04-29 before receding to the current value of 0.0406, indicating that exploitation interest emerged after public disclosure.
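The practical question for an operator is whether a given Glances instance still answers API requests without credentials and whether it has been upgraded past the fixed release. The script below is an added example for administrators checking an instance they operate; it is not code from the Glances project or from this page. It assumes the Glances 4.x REST API is served under `/api/4/` on the default port 61208 and that a protected instance answers an unauthenticated request with HTTP 401; both are assumptions, not facts stated on the page.

```python
"""Self-check for an administrator's own Glances web instance (glances -w).

Added example for CVE-2026-32596; not the Glances project's code.
Assumptions (not stated on the page): the Glances 4.x REST API lives under
/api/4/ on port 61208, and an authenticated-only instance replies 401 to an
unauthenticated request.
"""
import json
import sys
import urllib.error
import urllib.request

FIXED_VERSION = (4, 5, 2)  # release named on the page as containing the fix


def parse_version(text):
    """'4.5.2' -> (4, 5, 2). Non-numeric suffixes ('4.5.2rc1') are ignored,
    and short versions ('4.6') are padded with zeros."""
    parts = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def version_is_fixed(text):
    """True when the reported version is 4.5.2 or later."""
    return parse_version(text) >= FIXED_VERSION


def classify_response(status, content_type, body):
    """Classify the answer to an unauthenticated GET against the API.

    'exposed'   : 200 with a JSON document, i.e. any network client can read it
    'protected' : 401, the server demanded credentials
    'unknown'   : anything else (reverse proxy, another service, error page)
    """
    if status == 401:
        return "protected"
    if status == 200 and "json" in (content_type or "").lower():
        try:
            json.loads(body)
            return "exposed"
        except ValueError:
            return "unknown"
    return "unknown"


def check_instance(base_url, timeout=5):
    """Issue one unauthenticated request to an instance you operate."""
    url = base_url.rstrip("/") + "/api/4/all"  # assumed API path
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_response(resp.status,
                                     resp.headers.get("Content-Type"),
                                     resp.read())
    except urllib.error.HTTPError as err:
        # 401 arrives here as an exception; classify it like any other status
        return classify_response(err.code, err.headers.get("Content-Type"), b"")
    except (urllib.error.URLError, OSError):
        return "unknown"


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:61208"
    print(target, check_instance(target))
```

An "exposed" result on a host that is reachable from anything other than the administrator's own workstation is the condition described in this advisory; upgrading to 4.5.2 and confirming the check flips to "protected" closes it.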

Vulnerability details

Glances is an open-source cross-platform system monitoring tool. Prior to 4.5.2, the Glances web server runs without authentication by default when started with `glances -w`, exposing a REST API with sensitive system information, including process command lines containing credentials (passwords, API keys, tokens), to any network client. Version 4.5.2 fixes the issue.

CWE(s)

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1552 Unsecured Credentials (Credential Access): Adversaries may search compromised systems to find and obtain insecurely stored credentials.
T1082 System Information Discovery (Discovery): An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.
T1057 Process Discovery (Discovery): Adversaries may attempt to get information about running processes on a system.
Why these techniques?

Unauthenticated network exposure of the Glances REST API directly enables remote exploitation of a public-facing monitoring service (T1190) to retrieve system/process data (T1082/T1057) that contains credentials (T1552).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-32609: same product (Nicolargo Glances)
CVE-2026-30928: same product (Nicolargo Glances)
CVE-2026-32633: same product (Nicolargo Glances)
CVE-2026-32611: same product (Nicolargo Glances)
CVE-2026-30930: same product (Nicolargo Glances)
CVE-2026-32610: same product (Nicolargo Glances)
CVE-2026-35587: same product (Nicolargo Glances)
CVE-2026-33641: same product (Nicolargo Glances)
CVE-2026-32634: same product (Nicolargo Glances)
CVE-2026-4020: shared CWE-200

Affected Assets

nicolargo / glances: ≤ 4.5.2

Mitigating Controls (NIST 800-53 r5, AI)

AC-14 Permitted Actions Without Identification or Authentication (prevent): Directly identifies and restricts actions, such as accessing sensitive REST API endpoints, that can be performed without identification or authentication, preventing exposure to any network client.

CM-6 Configuration Settings (prevent): Enforces secure configuration settings for the Glances web server so that it requires authentication, countering the default unauthenticated exposure of sensitive system information.

Least functionality (prevent): Prohibits or restricts unnecessary functions such as the unauthenticated web server mode, minimizing the attack surface for sensitive process command-line data leakage.
