CVE-2026-32633 - Vulnerability Analysis
Critical | CVSS: 9.1 | Last Updated: March 18, 2026
Glances - Authentication Bypass
Overview
Glances versions before 4.5.2 contain an information disclosure vulnerability: the /api/4/serverslist endpoint can be accessed without authentication and exposes HTTP Basic credentials in the server objects it returns, letting network attackers retrieve reusable credentials. Exploitation requires that no password is set on the front Glances Browser/API instance.
Impact
Network attackers can retrieve reusable credentials for downstream servers, potentially leading to unauthorized access to protected systems.
Mitigation
Upgrade to version 4.5.2 or later.
Social Media Activity (2 posts)
CVE-2026-32633 - Critical (9.1) Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the `/api/4/serverslist` endpoint returns raw server objects from `GlancesServersList.get_servers_list()`. Those objects are mutated ... https://www.thehackerwire.com/vulnerability/CVE-2026-32633/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-32633
- Severity: Critical
- CVSS Score: 9.1
- Type: broken_authentication
- Status: new
- EPSS: 0.0%
- Social Posts: 2
CWE
- CWE-200
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N