CVE-2026-32634 - Vulnerability Analysis
HighCVSS: 8.1Last Updated: March 18, 2026
Glances - Authentication Secret Disclosure
Overview
Glances < 4.5.2 contains an authentication secret disclosure caused by using untrusted Zeroconf-advertised server names for connection URIs and password lookups in Central Browser mode, letting local network attackers steal reusable authentication secrets, exploit requires attacker on the same local network.
Severity & Score
Impact
Local attackers can steal reusable authentication secrets, leading to unauthorized access to monitored systems.
Mitigation
Update to version 4.5.2 or later.
References
Social Media Activity(2 posts)
š CVE-2026-32634 - High (8.1) Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connectio... š https://www.thehackerwire.com/vulnerability/CVE-2026-32634/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-32634 - High (8.1) Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connectio... š https://www.thehackerwire.com/vulnerability/CVE-2026-32634/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-32634
- Severity
- High
- CVSS Score
- 8.1
- Type
- broken_authentication
- Status
- new
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-346
CVSS Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N