Main Vulnerability Database Exploits ID:12515 - Exploit for Overly permissive cross-domain whitelist in glances - CVE-2026-32610

ID:12515 - Exploit for Overly permissive cross-domain whitelist in glances - CVE-2026-32610

Published: March 19, 2026

Vulnerability identifier: #VU124135

Vulnerability risk: High

CVE-ID: CVE-2026-32610

CWE-ID: CWE-942

Exploitation vector: Remote access

Vulnerable software:
glances

Link to public exploit:

https://github.com/nicolargo/glances/security/advisories/GHSA-9jfm-9rc6-2hfq/#poc

Vulnerability description

The vulnerability allows a remote attacker to bypass the CORS protection mechanism.

The vulnerability exists due to incorrect processing of the "Origin" HTTP header that is supplied within HTTP request. A remote attacker can supply arbitrary value via the "Origin" HTTP header, bypass implemented CORS protection mechanism and steal system monitoring information, configuration secrets and command line arguments.

Remediation

Install updates from vendor's website.

ID:12515 - Exploit for Overly permissive cross-domain whitelist in glances - CVE-2026-32610

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human