#VU124135 Overly permissive cross-domain whitelist in glances - CVE-2026-32610

 

Published: March 19, 2026 / Updated: March 19, 2026


Vulnerability identifier: #VU124135
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2026-32610
CWE-ID: CWE-942
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software: glances
Software vendor: Nicolas Hennion

Description

The vulnerability allows a remote attacker to bypass the CORS protection mechanism.

The vulnerability exists due to incorrect processing of the "Origin" HTTP header supplied in an HTTP request. A remote attacker can supply an arbitrary value in the "Origin" HTTP header, bypass the implemented CORS protection mechanism and steal system monitoring information, configuration secrets and command-line arguments.
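
The weakness class named above (CWE-942), shown as an added example that is not code from glances or from this advisory: a strict Origin allowlist check, plus an audit helper that classifies a server's reply to a request carrying an untrusted Origin. The allowlist entry, the function names and the sample headers are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist; a real deployment lists its own dashboard origins.
ALLOWED_ORIGINS = {"https://monitor.example.internal"}

def normalize_origin(value):
    """Return 'scheme://host[:port]' or None if value is not a plain web origin."""
    try:
        parts = urlsplit(value.strip())
        port = parts.port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if parts.path or parts.query or parts.fragment or parts.username:
        return None
    suffix = f":{port}" if port is not None else ""
    return f"{parts.scheme}://{parts.hostname}{suffix}"

def cors_headers(origin_header, allowed=ALLOWED_ORIGINS):
    """Strict policy: emit CORS headers only on an exact allowlist match."""
    origin = normalize_origin(origin_header or "")
    if origin is None or origin not in allowed:
        return {}  # no CORS headers, so the browser blocks the cross-origin read
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",  # keep caches from serving one origin's answer to another
    }

def audit_response(probe_origin, headers):
    """Classify the reply to a request sent with an origin that is not trusted."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao == "*":
        return "wildcard"
    if acao is not None and acao == probe_origin:
        return "reflected+credentials" if creds else "reflected"
    return "ok"

if __name__ == "__main__":
    probe = "https://untrusted.example"  # constructed, deliberately not allowlisted
    permissive = {"Access-Control-Allow-Origin": probe,
                  "Access-Control-Allow-Credentials": "true"}  # constructed reply
    print(audit_response(probe, permissive))
    print(audit_response(probe, cors_headers(probe)))
```

A result other than "ok" for an origin that is not on the allowlist means the server's cross-domain policy is broader than intended.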


Remediation

Install updates from the vendor's website.
