CVE-2026-32609 - Vulnerability Analysis
HighCVSS: 7.5Last Updated: March 19, 2026
Glances - Information Disclosure
Overview
Glances < 4.5.2 contains an information disclosure vulnerability caused by unauthenticated access to /api/v4/args endpoints exposing sensitive configuration secrets including password hashes and SNMP keys, letting unauthenticated attackers access sensitive data, exploit requires no authentication when run without --password.
Severity & Score
Impact
Unauthenticated attackers can access sensitive configuration secrets including password hashes and SNMP keys, risking credential compromise and further attacks.
Mitigation
Update to version 4.5.2 or later.
References
Social Media Activity(2 posts)
š CVE-2026-32609 - High (7.5) Glances is an open-source system cross-platform monitoring tool. The GHSA-gh4x fix (commit 5d3de60) addressed unauthenticated configuration secrets exposure on the `/api/v4/config` endpoints by introducing `as_dict_secure()` redaction. However, th... š https://www.thehackerwire.com/vulnerability/CVE-2026-32609/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-32609 - High (7.5) Glances is an open-source system cross-platform monitoring tool. The GHSA-gh4x fix (commit 5d3de60) addressed unauthenticated configuration secrets exposure on the `/api/v4/config` endpoints by introducing `as_dict_secure()` redaction. However, th... š https://www.thehackerwire.com/vulnerability/CVE-2026-32609/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-32609
- Severity
- High
- CVSS Score
- 7.5
- Type
- information_disclosure
- Status
- confirmed
- EPSS
- 5.0%
- Social Posts
- 2
CWE
- CWE-200
- NVD-CWE-noinfo
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N