The Glances monitoring tool exposes sensitive HTTP Basic credentials for downstream servers via an unauthenticated API endpoint when the central brows...
Description
The Glances monitoring tool exposes sensitive HTTP Basic credentials for downstream servers via an unauthenticated API endpoint when the central browser is run without a password.
AI Analyst Comment
Remediation
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: Glances
PRODUCT: Glances
AFFECTED_VERSIONS: Prior to version 4.5.2
---END_METADATA---
Description Summary:
The Glances monitoring tool exposes sensitive HTTP Basic credentials for downstream servers via an unauthenticated API endpoint when the central browser is run without a password.
Executive Summary:
An unauthenticated information disclosure vulnerability in Glances allows remote attackers to harvest reusable authentication secrets for protected downstream monitoring servers.
Vulnerability Details
CVE-ID: CVE-2026-32633
Affected Software: Glances Glances
Affected Versions: Prior to version 4.5.2
Vulnerability: The
/api/4/serverslistendpoint returns raw server objects that include embedded HTTP Basic credentials in theurifield. In common internal deployments where the Glances Browser is started without the--passwordflag, this endpoint is completely unauthenticated.Business Impact
The exposure of reusable credentials allows an attacker to gain unauthorized access to all downstream Glances servers within the infrastructure. With a CVSS score of 9.1, this vulnerability poses a critical risk to organizational security, as it facilitates lateral movement and provides attackers with deep visibility into system performance and configurations across the entire network.
Remediation Plan
Immediate Action: Update Glances to version 4.5.2 or higher immediately and ensure that all Glances Browser instances are configured with the
--passwordrequirement.Proactive Monitoring: Review API access logs for unauthorized requests to the
/api/4/serverslistendpoint and monitor for anomalous login activity on downstream monitoring nodes.Compensating Controls: Implement network segmentation to ensure the Glances API is only accessible from trusted administrative subnets and use a Web Application Firewall (WAF) to block unauthenticated access to the
/api/path.Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Mar 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, the unauthenticated nature of the disclosure makes this a highly attractive target for internal or external attackers seeking to escalate privileges.
Analyst Recommendation
This vulnerability represents a significant failure in credential handling. It is imperative that organizations update to version 4.5.2 and enforce password authentication on all monitoring interfaces to prevent the mass exposure of infrastructure credentials.