Loading
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead of the discovered IP. When a dynamic server reports itself as protected, Glances also uses that same untrusted name as the lookup key for saved passwords and the global `[passwords] default` credential. An attacker on the same local network can advertise a fake Glances service over Zeroconf and cause the browser to automatically send a reusable Glances authentication secret to an attacker-controlled host. This affects the background polling path and the REST/WebUI click-through path in Central Browser mode. Version 4.5.2 fixes the issue.
Cite this page
CVE-2026-32634. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2026-32634
Use CWE-346, Nicolargo vendor hub and Glances product page to widen CVE-2026-32634 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2026-32633, CVE-2026-32610 and CVE-2026-33641 for nearby disclosures in the same product family.