2 matches found
CVE-2026-32610
Glances before 4.5.2 shipped a REST API with CORS allow_origins=["*"] and allow_credentials=True. When both are set, Starlette CORSMiddleware echoes the request Origin into Access-Control-Allow-Origin, allowing credentialed cross-origin requests to the Glances API. This can enable cross-site acce...
CVE-2026-32596 Glances exposes the REST API without authentication
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with glances -w, exposing REST API with sensitive system information including process command-lines containing credentials passwords, API keys,...