CVE-2026-32596

Опубликовано: 18 мар. 2026

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with glances -w, exposing REST API with sensitive system information including process command-lines containing credentials (passwords, API keys, tokens) to any network client. Version 4.5.2 fixes the issue.

Ссылки

https://github.com/nicolargo/glances/commit/208d876118fea5758970f33fd7474908bd403d25
Patch
https://github.com/nicolargo/glances/releases/tag/v4.5.2
Product
Release Notes
https://github.com/nicolargo/glances/security/advisories/GHSA-wvxv-4j8q-4wjq
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nicolargo:glances:*:*:*:*:*:*:*:*

Версия до 4.5.2 (исключая)

EPSS

Процентиль: 89%

0.04201

Низкий

7.5 High

CVSS3

Дефекты

CWE-200

Связанные уязвимости

CVE-2026-32596

CVSS3: 7.5

ubuntu

12 дней назад

(Glances is an open-source system cross-platform monitoring tool. Prior ...)

CVE-2026-32596

CVSS3: 7.5

debian

12 дней назад

Glances is an open-source system cross-platform monitoring tool. Prior ...

GHSA-wvxv-4j8q-4wjq

github

13 дней назад

Glances exposes the REST API without authentication

EPSS

Процентиль: 89%

0.04201

Низкий

7.5 High

CVSS3

Дефекты

CWE-200