CVE-2026-32596
Published: 18 March 2026
Summary
CVE-2026-32596 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Nicolargo Glances. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 10.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and CM-6 (Configuration Settings).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-14 (Permitted Actions Without Identification or Authentication): directly identifies and restricts actions, such as accessing sensitive REST API endpoints, that can be performed without identification or authentication, preventing exposure to any network client.
- CM-6 (Configuration Settings): enforces secure configuration settings for the Glances web server so that authentication is required, countering the default unauthenticated exposure of sensitive system information.
- Prohibits or restricts unnecessary functions such as the unauthenticated web server mode, minimizing the attack surface for leakage of process command-line data.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated network exposure of the Glances REST API directly enables remote exploitation of a public-facing monitoring service (T1190) to retrieve system/process data (T1082/T1057) that contains credentials (T1552).
NVD Description
Glances is an open-source cross-platform system monitoring tool. Prior to 4.5.2, the Glances web server runs without authentication by default when started with `glances -w`, exposing a REST API with sensitive system information, including process command lines containing credentials (passwords, API keys, tokens), to any network client. Version 4.5.2 fixes the issue.
Deeper analysis
CVE-2026-32596 is an exposure of sensitive information vulnerability (CWE-200) in Glances, an open-source cross-platform system monitoring tool. In versions prior to 4.5.2, the Glances web server runs without authentication by default when started with the `glances -w` command. This exposes a REST API to any network client, providing access to sensitive system information, including process command lines that may contain credentials such as passwords, API keys, and tokens. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with no requirements for privileges or user interaction.
Any unauthenticated attacker with network access to the affected host can exploit this vulnerability by directly querying the exposed REST API endpoints. Successful exploitation allows retrieval of detailed system monitoring data, including command-line arguments from running processes that disclose sensitive credentials and other confidential information hosted on the system.
Version 4.5.2 of Glances fixes this issue. Security practitioners should upgrade to this version or later. Additional details are available in the GitHub security advisory at https://github.com/nicolargo/glances/security/advisories/GHSA-wvxv-4j8q-4wjq, the release notes at https://github.com/nicolargo/glances/releases/tag/v4.5.2, and the fixing commit at https://github.com/nicolargo/glances/commit/208d876118fea5758970f33fd7474908bd403d25.
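Until affected hosts are upgraded, the exposure described above can be watched for in access logs. The following is an added detection example, not code from the advisory or from the Glances project: it assumes the Glances web server sits behind a reverse proxy writing nginx/Apache combined-format access logs, that the Glances 4 REST API lives under `/api/4/<plugin>` (with `processlist` being the plugin that returns per-process command lines), and a constructed allowlist of collector hosts; the sample log lines are constructed.

```python
import ipaddress
import re

# nginx/Apache "combined" access-log format. Assumption: Glances sits behind
# such a reverse proxy; Glances' own log output is not parsed here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) '
)
# Glances 4 serves its REST API under /api/4/<plugin>; the processlist plugin
# is the one that returns per-process command lines (the data this CVE exposes).
API_PREFIX = "/api/4/"
HIGH_RISK_PLUGINS = {"processlist", "all"}
# Constructed allowlist: the collector hosts that are supposed to poll Glances.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/24")]


def is_allowed(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_SOURCES)


def detect_unauthenticated_api_reads(lines):
    """Return (source_ip, path, severity) for every HTTP 200 read of the Glances
    REST API from a source outside the allowlist. 401/403 responses mean
    authentication was enforced and the read was refused, so they are skipped."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] != "200" or not m["path"].startswith(API_PREFIX):
            continue
        if is_allowed(m["ip"]):
            continue
        plugin = m["path"][len(API_PREFIX):].split("?", 1)[0].split("/", 1)[0]
        severity = "high" if plugin in HIGH_RISK_PLUGINS else "medium"
        findings.append((m["ip"], m["path"], severity))
    return findings


# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    '10.20.0.5 - - [18/Mar/2026:10:00:01 +0000] "GET /api/4/cpu HTTP/1.1" 200 512',
    '203.0.113.9 - - [18/Mar/2026:10:00:07 +0000] "GET /api/4/processlist HTTP/1.1" 200 48211',
    '203.0.113.9 - - [18/Mar/2026:10:00:08 +0000] "GET /api/4/mem HTTP/1.1" 200 310',
    '198.51.100.4 - - [18/Mar/2026:10:01:00 +0000] "GET /api/4/processlist HTTP/1.1" 401 0',
    '203.0.113.9 - - [18/Mar/2026:10:01:05 +0000] "GET / HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, path, severity in detect_unauthenticated_api_reads(SAMPLE_LOG):
        print(f"{severity.upper():6} {ip} read {path}")
```

A "high" finding means a non-allowlisted client was served process command lines, i.e. the exposure this CVE describes; after upgrading to 4.5.2 or enabling authentication, the same requests should appear as 401 and produce no findings.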
Details
- CWE(s)