CVE-2026-32634
Published: 18 March 2026
Summary
CVE-2026-32634 is a high-severity Origin Validation Error (CWE-346) vulnerability in Nicolargo Glances. Its CVSS v3.1 base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Name Resolution Poisoning and SMB Relay (T1557.001). Its exploit-likelihood ranking sits in the 5.2nd percentile (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-21 (Secure Name/Address Resolution Service (Recursive or Caching Resolver)) and SC-7 (Boundary Protection). Both reduce exposure to adjacent-network spoofing; only the upgrade to Glances 4.5.2 removes the flaw itself.
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Vendor patch: directly mitigates CVE-2026-32634 by remediating the flaw through application of the vendor patch in Glances version 4.5.2, which prevents use of untrusted Zeroconf-advertised names.
- SC-21 (Secure Name/Address Resolution Service): requires validation of name/address resolution responses, preventing trust in spoofed Zeroconf service advertisements whose names mismatch the discovered IPs. Zeroconf/mDNS carries no authentication of its own, so this control limits rather than eliminates spoofing; the in-application fix remains the primary control.
- SC-7 (Boundary Protection): enforces boundary protection to segment the Glances Central Browser from adjacent networks. Zeroconf/mDNS advertisements are link-local multicast, so keeping the browser host off segments shared with untrusted devices removes an attacker's ability to advertise fake services at all.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables service-discovery spoofing (Zeroconf/mDNS) to intercept Glances authentication secrets through an origin validation failure, directly facilitating adversary-in-the-middle credential capture (T1557.001). The stolen, reusable credentials then grant access to the real instances via valid accounts (T1078).
NVD Description
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead of the discovered IP. When a dynamic server reports itself as protected, Glances also uses that same untrusted name as the lookup key for saved passwords and the global `[passwords] default` credential. An attacker on the same local network can advertise a fake Glances service over Zeroconf and cause the browser to automatically send a reusable Glances authentication secret to an attacker-controlled host. This affects the background polling path and the REST/WebUI click-through path in Central Browser mode. Version 4.5.2 fixes the issue.
Deeper analysis
CVE-2026-32634 is a vulnerability in Glances, an open-source cross-platform system monitoring tool, affecting versions prior to 4.5.2. In Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers. However, it constructs connection URIs using the untrusted advertised name rather than the discovered IP. Additionally, when a dynamic server reports itself as protected, Glances uses this untrusted name as the lookup key for saved passwords and the global [passwords] default credential. The issue is associated with CWE-346 (Origin Validation Error) and CWE-522 (Insufficiently Protected Credentials), earning a CVSS v3.1 base score of 8.1 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
An attacker on the same local network can exploit this by advertising a fake Glances service over Zeroconf, tricking the Central Browser into automatically sending a reusable Glances authentication secret to the attacker-controlled host. This impacts both the background polling path and the REST/WebUI click-through path in Central Browser mode, allowing the attacker to gain unauthorized access to protected Glances instances using stolen credentials.
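The following Python example is added here to make the two failure modes concrete; it is illustration code written for this page, not Glances's source or the upstream patch. It models a Zeroconf-discovered dynamic server with the two fields the advisory names (advertised name and discovered IP), shows the pre-4.5.2 pattern of building the URI and the password-lookup key from the advertised name, and contrasts it with an origin-validated pattern that connects to the observed address and releases a saved secret only when the name's pinned address matches the record's source. The pinned-address store, the `DynamicServer` class, the host names, addresses and passwords are all constructed for the example; port 61208 is the Glances default.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Set, Tuple


# Constructed model of a Zeroconf-advertised Glances server (an illustration
# class, not Glances's own). Everything except discovered_ip comes straight
# from the mDNS record, so the attacker controls it.
@dataclass(frozen=True)
class DynamicServer:
    advertised_name: str  # instance name in the mDNS record: attacker-controlled
    discovered_ip: str    # address the browser actually received the record from
    port: int
    protected: bool       # "needs a password" flag in the record: attacker-controlled


# Constructed operator configuration. The pre-4.5.2 store is keyed by name only;
# the hardened store also pins the address the operator expects for that name
# (an assumption of this example, not Glances's configuration format).
SAVED_PASSWORDS_BY_NAME = {"prod-db.local": "s3cret-prod"}
SAVED_PASSWORDS_PINNED = {"prod-db.local": ("192.168.1.10", "s3cret-prod")}
DEFAULT_PASSWORD = "glances-default"  # stands in for the [passwords] default credential

ATTACKER_IP = "192.168.1.66"  # constructed: the host on the LAN that sends fake records


def vulnerable_connect(server: DynamicServer) -> Tuple[str, Optional[str]]:
    """Pre-4.5.2 pattern as the advisory describes it: the untrusted advertised
    name is used both as the host in the connection URI and as the key for the
    saved password, falling back to the shared default credential."""
    uri = f"http://{server.advertised_name}:{server.port}/"
    secret = None
    if server.protected:
        secret = SAVED_PASSWORDS_BY_NAME.get(server.advertised_name, DEFAULT_PASSWORD)
    return uri, secret


def hardened_connect(server: DynamicServer) -> Tuple[str, Optional[str]]:
    """Origin-validated pattern (this example's design, not the upstream fix):
    connect to the address the record actually came from, hand out a saved
    secret only when the advertised name's pinned address equals that source,
    and never send the default credential to a host the operator has not
    pinned. A None secret means "prompt the operator" rather than auto-send."""
    uri = f"http://{server.discovered_ip}:{server.port}/"
    secret = None
    if server.protected:
        entry = SAVED_PASSWORDS_PINNED.get(server.advertised_name)
        if entry is not None and entry[0] == server.discovered_ip:
            secret = entry[1]
    return uri, secret


# Constructed discovery scenarios.
LEGIT = DynamicServer("prod-db.local", "192.168.1.10", 61208, True)
# The attacker advertises the real server's name from their own host.
SPOOFED = DynamicServer("prod-db.local", ATTACKER_IP, 61208, True)
# The attacker advertises an unknown name but claims to be protected, fishing
# for the global default credential.
UNKNOWN = DynamicServer("whatever.local", ATTACKER_IP, 61208, True)


def leaked_secrets(connect: Callable[[DynamicServer], Tuple[str, Optional[str]]]) -> Set[str]:
    """Secrets that the given connect() would auto-send for a record that came
    from the attacker's host. In the vulnerable path the URI names the advertised
    name, which the attacker can also answer for over mDNS, so the request lands
    on the attacker either way."""
    leaked: Set[str] = set()
    for server in (LEGIT, SPOOFED, UNKNOWN):
        _uri, secret = connect(server)
        if server.discovered_ip == ATTACKER_IP and secret is not None:
            leaked.add(secret)
    return leaked


if __name__ == "__main__":
    print("vulnerable path leaks:", leaked_secrets(vulnerable_connect))  # {'s3cret-prod', 'glances-default'}
    print("hardened path leaks:  ", leaked_secrets(hardened_connect))    # set()
```

The `UNKNOWN` scenario is the one operators most often overlook: even without impersonating a known server, any LAN host that sets the protected flag collects the `[passwords] default` credential in the vulnerable path, which is why the hardened variant refuses to auto-send that credential to an unpinned host.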
The Glances security advisory (GHSA-vx5f-957p-qpvm) and release notes confirm that version 4.5.2 resolves the issue, with the fixing commit available at https://github.com/nicolargo/glances/commit/61d38eec521703e41e4933d18d5a5ef6f854abd5. Security practitioners should upgrade to Glances 4.5.2 or later and review network exposure of Central Browser instances to mitigate risks from adjacent network attackers.
Details
- CWE(s)