
CVE-2026-32596: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in nicolargo glances

Severity: High
Tags: Vulnerability, CVE-2026-32596, CWE-200
Published: Wed Mar 18 2026 (03/18/2026, 05:18:11 UTC)
Source: CVE Database V5
Vendor/Project: nicolargo
Product: glances

Description

CVE-2026-32596 is a high-severity vulnerability in the open-source system monitoring tool Glances prior to version 4.5.2. When started with the web server option (`glances -w`), the application runs without authentication by default, exposing a REST API that leaks sensitive system information, including process command lines that may contain credentials such as passwords, API keys, and tokens. Any network client can retrieve this information without authentication or user interaction. Version 4.5.2 addresses the issue by introducing authentication or restricting access. The vulnerability has a CVSS 4.

AI-Powered Analysis

Last updated: 03/18/2026, 16:27:52 UTC

Technical Analysis

Glances is a widely used open-source cross-platform system monitoring tool that provides real-time information about system metrics and processes. Prior to version 4.5.2, when Glances is launched with the web server option (`glances -w`), it starts a REST API server without any authentication mechanism by default. This design flaw exposes sensitive system information to any client that can reach the server over the network. Critically, the exposed data includes process command lines, which often contain sensitive credentials such as passwords, API keys, and tokens embedded in scripts or commands. Because the API is accessible without authentication, any unauthorized actor on the network can retrieve this information, leading to a significant confidentiality breach. The vulnerability is tracked as CVE-2026-32596 and classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The CVSS 4.0 base score is 8.7, reflecting the ease of exploitation (network accessible, no authentication or user interaction required) and the high impact on confidentiality. The vulnerability affects all Glances versions prior to 4.5.2. The fix in version 4.5.2 introduces authentication or access controls to prevent unauthorized access to the REST API. No public exploits have been reported yet, but the risk remains high due to the nature of the exposed data and the default insecure configuration.

Potential Impact

The exposure of sensitive system information including credentials can have severe consequences for organizations. Attackers gaining access to passwords, API keys, or tokens can escalate privileges, move laterally within networks, or compromise additional systems and services. This can lead to data breaches, unauthorized access to critical infrastructure, and potential disruption of operations. Since Glances is used for system monitoring across various platforms, the vulnerability could affect servers, cloud instances, and development environments globally. The lack of authentication means that any attacker with network access to the Glances web server can exploit the vulnerability without needing to compromise user credentials or trick users into interaction. This significantly lowers the barrier to exploitation and increases the likelihood of successful attacks, especially in environments where network segmentation is weak or where Glances is exposed to untrusted networks. The confidentiality impact is high, while integrity and availability impacts are minimal or none. Organizations relying on Glances for monitoring should consider the risk of credential leakage and subsequent attacks.

Mitigation Recommendations

The primary mitigation is to upgrade Glances to version 4.5.2 or later, which fixes the vulnerability by implementing authentication or restricting access to the REST API. Until the upgrade can be applied, organizations should take immediate steps to restrict network access to the Glances web server interface. This includes firewall rules limiting access to trusted IP addresses, using VPNs or secure tunnels for remote access, and disabling the web server mode if not strictly necessary. Additionally, review and rotate any credentials, API keys, or tokens that may have been exposed through this vulnerability. Implement network segmentation to isolate monitoring tools from untrusted networks. Monitoring network traffic for unusual access patterns to the Glances web server can help detect potential exploitation attempts. Finally, educate system administrators about the risks of running monitoring tools with default insecure configurations and encourage the use of secure deployment practices.
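A defender's audit for the credential-rotation step above, added here as an example and not code from Glances or from this advisory: it scans process command lines for the kinds of embedded credentials an unauthenticated Glances web server would have exposed and reports them with the values redacted. The sample command lines, pattern labels and function names are constructed assumptions.

```python
"""Audit process command lines for embedded secrets (added example, not
Glances code). Flags the credentials an unauthenticated `glances -w` would
have served to any client, so they can be rotated. Sample lines are
constructed; on a live host, feed in `ps -eo pid,args` output instead."""
import re
from typing import Dict, List

# (label, pattern): group 1 captures the secret value for redaction.
SECRET_PATTERNS = [
    ("cli-flag", re.compile(
        r"(?i)(?:password|passwd|pwd|token|api[-_]?key|secret)(?:=|\s+)(\S+)")),
    ("bearer", re.compile(r"(?i)bearer\s+([A-Za-z0-9._~+/=-]+)")),
    ("url-credential", re.compile(r"://[^/\s:@]+:([^@\s]+)@")),  # user:pass@host
    ("mysql-p", re.compile(r"^\S*mysql\S*\s.*?\s-p(\S+)")),       # mysql -pSECRET
]

# Constructed sample: pid -> command line, as the Glances process list would
# expose it. PID 1502 is the monitor itself and carries no secret.
SAMPLE_CMDLINES: Dict[int, str] = {
    1201: "python3 /opt/app/worker.py --api-key=AKIAEXAMPLE0123 --queue jobs",
    1340: "mysqldump -uroot -pS3cretDBpass --all-databases",
    1455: "curl -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.example' https://api.example.test/v1",
    1502: "/usr/bin/glances -w",
    1610: "pg_dump postgres://app:hunter2@db.internal:5432/prod",
}

def redact(secret: str) -> str:
    """Keep a two-character prefix so the report itself does not leak the value."""
    return secret[:2] + "*" * max(len(secret) - 2, 3)

def find_exposed_secrets(cmdlines: Dict[int, str]) -> List[Dict[str, object]]:
    """Return one finding per secret-looking argument, value redacted."""
    findings = []
    for pid, cmd in cmdlines.items():
        for label, pattern in SECRET_PATTERNS:
            for match in pattern.finditer(cmd):
                findings.append({"pid": pid, "program": cmd.split()[0],
                                 "kind": label, "secret": redact(match.group(1))})
    return findings

if __name__ == "__main__":
    for f in find_exposed_secrets(SAMPLE_CMDLINES):
        print(f"pid {f['pid']:>5} {f['program']:<10} {f['kind']:<15} {f['secret']}")
```

Every process the audit lists was visible to any client of the unauthenticated API, so its credential should be treated as exposed and rotated regardless of whether access was observed.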


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2026-03-12T14:54:24.269Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 69bacf27771bdb1749ad833a

Added to database: 3/18/2026, 4:13:27 PM

Last enriched: 3/18/2026, 4:27:52 PM

Last updated: 3/18/2026, 5:30:19 PM

