Home / Vulnerability Intelligence / CVE-2026-32610

CVE-2026-32610 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: March 18, 2026

Glances - Cross-Site Request Forgery

Published: March 18, 2026Updated: March 18, 2026Remote Exploitable

Overview

Glances < 4.5.2 contains a cross-site request forgery caused by insecure CORS configuration with allow_origins=["*"] and allow_credentials=True in REST API, letting remote attackers steal sensitive data via credentialed cross-origin requests, exploit requires victim browser session.

Severity & Score

Severity: High

CVSS Score: 8.1

Impact

Attackers can steal sensitive system monitoring data and secrets from users with active browser sessions via cross-origin requests.

Mitigation

Update to version 4.5.2 or later.

References

https://github.com/nicolargo/glances/commit/4465169b71d93991f1e49740fe02428291099832
https://github.com/nicolargo/glances/releases/tag/v4.5.2
https://github.com/nicolargo/glances/security/advisories/GHSA-9jfm-9rc6-2hfq

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-32610
Severity: High
CVSS Score: 8.1
Type: cross_site_request_forgery
Status: new

CWE

CWE-942

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N