Home / Vulnerability Intelligence / CVE-2026-32610

CVE-2026-32610 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: March 19, 2026

Glances - Cross-Site Request Forgery

Published: March 18, 2026Updated: March 19, 2026Remote Exploitable

Overview

Glances < 4.5.2 contains a cross-site request forgery caused by insecure CORS configuration with allow_origins=["*"] and allow_credentials=True in REST API, letting remote attackers steal sensitive data via credentialed cross-origin requests, exploit requires victim browser session.

Severity & Score

Severity: High

CVSS Score: 8.1

EPSS Score: 2.8%(Probability of exploitation in next 30 days)

Impact

Attackers can steal sensitive system monitoring data and secrets from users with active browser sessions via cross-origin requests.

Mitigation

Update to version 4.5.2 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 18, 2026

🟠 CVE-2026-32610 - High (8.1) Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, the Glances REST API web server ships with a default CORS configuration that sets `allow_origins=["*"]` combined with `allow_credentials=True`. When both of t... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32610/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-32610
Severity: High
CVSS Score: 8.1
Type: cross_site_request_forgery
Status: unconfirmed
EPSS: 2.8%
Social Posts: 1

CWE

CWE-942

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS Score

2.8%Probability of exploitation in the next 30 days