Overly permissive cross-domain whitelist in glances - CVE-2026-32610

 


Published: March 19, 2026 / Updated: March 19, 2026


Vulnerability identifier: #VU124135
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2026-32610
CWE-ID: CWE-942
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vendor: Nicolas Hennion
Affected software:
glances

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass the CORS protection mechanism.

The vulnerability exists due to incorrect processing of the "Origin" HTTP header supplied within an HTTP request. A remote attacker can supply an arbitrary value via the "Origin" HTTP header, bypass the implemented CORS protection mechanism and steal system monitoring information, configuration secrets and command line arguments.
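The following is an added example, not code from glances or from this advisory: a generic CWE-942 check that compares the CORS headers a service returns against an exact-match allowlist, next to a hardened policy function. The trusted origin, the test origins and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the operator's own dashboard origin (constructed placeholder).
TRUSTED_ORIGINS = frozenset({"https://monitor.example.internal"})


def normalize_origin(value):
    """Return scheme://host[:port] in lower case, or None if not a plain origin."""
    if not value or value == "null":
        return None
    try:
        parts = urlsplit(value)
        port = parts.port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if "@" in parts.netloc or parts.path or parts.query or parts.fragment:
        return None
    origin = f"{parts.scheme}://{parts.hostname}"
    return f"{origin}:{port}" if port else origin


def cors_headers(request_origin, trusted=TRUSTED_ORIGINS):
    """Hardened policy: echo the origin only on an exact allowlist match."""
    origin = normalize_origin(request_origin)
    if origin is None or origin not in trusted:
        return {}  # no CORS headers, so the browser blocks the cross-origin read
    return {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}


def audit_response(request_origin, response_headers, trusted=TRUSTED_ORIGINS):
    """Flag CWE-942 patterns in the response received for one Origin value."""
    h = {k.lower(): v.strip() for k, v in response_headers.items()}
    acao = h.get("access-control-allow-origin")
    findings = []
    if acao is None:
        return findings
    if acao == "*":
        findings.append("wildcard-origin")
    elif acao == "null":
        findings.append("null-origin-allowed")
    elif normalize_origin(acao) not in trusted:
        findings.append("untrusted-origin-allowed")
        if acao == request_origin:
            findings.append("reflected-request-origin")
    if findings and h.get("access-control-allow-credentials", "").lower() == "true":
        findings.append("credentials-with-permissive-origin")
    return findings
```

Running `audit_response` on responses captured from your own deployment, before and after the update, shows whether an origin outside the allowlist is still granted cross-origin read access.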


How to mitigate CVE-2026-32610

Install updates from the vendor's website.
