{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-13T06:35:10.017","vulnerabilities":[{"cve":{"id":"CVE-2026-32596","sourceIdentifier":"security-advisories@github.com","published":"2026-03-18T06:16:18.800","lastModified":"2026-03-18T18:33:12.503","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with `glances -w`, exposing REST API with sensitive system information including process command-lines containing credentials (passwords, API keys, tokens) to any network client. Version 4.5.2 fixes the issue."},{"lang":"es","value":"Glances es una herramienta de monitoreo de sistemas multiplataforma de código abierto. Antes de la versión 4.5.2, el servidor web de Glances se ejecuta sin autenticación por defecto cuando se inicia con 'glances -w', exponiendo la API REST con información sensible del sistema, incluyendo líneas de comando de procesos que contienen credenciales (contraseñas, claves de API, tokens) a cualquier cliente de red. La versión 4.5.2 soluciona el problema."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nicolargo:glances:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5.2","matchCriteriaId":"3FC19E01-80F1-43BB-912C-39FE99143A59"}]}]}],"references":[{"url":"https://github.com/nicolargo/glances/commit/208d876118fea5758970f33fd7474908bd403d25","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/nicolargo/glances/releases/tag/v4.5.2","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-wvxv-4j8q-4wjq","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}