{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T18:09:41.457","vulnerabilities":[{"cve":{"id":"CVE-2026-32634","sourceIdentifier":"security-advisories@github.com","published":"2026-03-18T18:16:29.097","lastModified":"2026-03-19T19:03:47.010","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead of the discovered IP. When a dynamic server reports itself as protected, Glances also uses that same untrusted name as the lookup key for saved passwords and the global `[passwords] default` credential. An attacker on the same local network can advertise a fake Glances service over Zeroconf and cause the browser to automatically send a reusable Glances authentication secret to an attacker-controlled host. This affects the background polling path and the REST/WebUI click-through path in Central Browser mode. Version 4.5.2 fixes the issue."},{"lang":"es","value":"Glances es una herramienta de monitoreo de sistema de código abierto multiplataforma. Antes de la versión 4.5.2, en modo Navegador Central, Glances almacena tanto el nombre del servidor anunciado por Zeroconf como la dirección IP descubierta para servidores dinámicos, pero luego construye URIs de conexión a partir del nombre anunciado no confiable en lugar de la IP descubierta. Cuando un servidor dinámico se reporta como protegido, Glances también usa ese mismo nombre no confiable como clave de búsqueda para contraseñas guardadas y la credencial global '[passwords] default'. Un atacante en la misma red local puede anunciar un servicio Glances falso a través de Zeroconf y hacer que el navegador envíe automáticamente un secreto de autenticación de Glances reutilizable a un host controlado por el atacante. Esto afecta la ruta de sondeo en segundo plano y la ruta de clic de REST/WebUI en modo Navegador Central. La versión 4.5.2 corrige el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-346"},{"lang":"en","value":"CWE-522"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nicolargo:glances:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5.2","matchCriteriaId":"3FC19E01-80F1-43BB-912C-39FE99143A59"}]}]}],"references":[{"url":"https://github.com/nicolargo/glances/commit/61d38eec521703e41e4933d18d5a5ef6f854abd5","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/nicolargo/glances/releases/tag/v4.5.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-vx5f-957p-qpvm","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-vx5f-957p-qpvm","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}}]}