CVE-2026-32632
DNS Rebinding Vulnerability in Glances REST API Enables Unauthorized Access
Publication date: 2026-03-18
Last updated on: 2026-03-19
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nicolargo | glances | all versions before 4.5.2 (4.5.2 is the fixed release and is not affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-346 | The product does not properly verify that the source of data or communication is valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32632 is a moderate-severity vulnerability in the Glances monitoring tool affecting versions up to 4.5.2-dev01. The main REST/WebUI FastAPI application does not validate the HTTP Host header: there is no TrustedHostMiddleware or equivalent host allowlist in front of it.

This enables DNS rebinding. An attacker who controls a domain serves a page from it, then changes the domain's DNS answer (typically with a very short TTL) to the IP address of the victim's Glances service. Requests the page then makes to its own domain reach Glances, and because they are addressed to the same host name as the page, the browser treats them as same-origin and lets the page's JavaScript read the responses. The same-origin policy is not broken; it is keyed on the host name, and the attacker's page and the rebound service now share one.

Because Glances answers regardless of the Host header it receives, the REST API, WebUI and token endpoints all respond to these requests, exposing API data that should only be reachable locally or on an internal network.

This is distinct from a CORS weakness: no cross-origin request is involved, so CORS headers are never consulted and a CORS misconfiguration is not needed.

The issue was fixed in version 4.5.2 by adding host allowlist enforcement and DNS rebinding protection for the REST API and WebUI. [1, 2]
How can this vulnerability impact me?
Remote attackers can read local or internal REST API data that should only be reachable from inside the network; for a monitoring tool that means details such as running processes, network interfaces, mounted filesystems and resource usage of the host.

The attack runs as JavaScript in the victim's browser, so the victim only has to visit an attacker-controlled page; the attacker's own machine never needs a route to the Glances host.

If password protection is enabled, the rebound requests are addressed to the attacker's origin, so the browser does not attach credentials it holds for the real Glances origin. That limits direct data exposure, but the missing host validation still leaves the service reachable from any web page and raises the risk of chained attacks involving authenticated browser sessions.

The JWT token endpoint is likewise reachable through a rebound host name, which can put authentication tokens at risk.

Overall, this increases the attack surface and the risk of data exposure or unauthorized access to the Glances monitoring tool. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerable component is the Glances REST/WebUI FastAPI application, which accepts any Host header without validation and is therefore exposed to DNS rebinding.

The quickest check is the installed version: anything before 4.5.2 is affected.

Beyond the version, you can test the behaviour directly by sending the REST API or WebUI a request whose Host header names a host that is not the Glances machine. A vulnerable instance answers normally; an instance with host validation rejects the request (TrustedHostMiddleware answers HTTP 400 "Invalid host header").

- Send a request with a foreign Host header to the REST API (the default port is 61208): curl -i -H "Host: attacker.example" http://<glances-ip>:<port>/api/4/status. An HTTP 200 with the status body means arbitrary Host headers are accepted; an HTTP 400 means host validation is in place. Repeat with the real address in the Host header to confirm the service itself is answering, so that a 400 is not mistaken for an outage.
- Check the installed version: glances --version, or the package version from your package manager or pip show glances.
- At the network level, look for DNS answers with very short TTLs whose address changes from a public address to a loopback, link-local or private one, and for requests to the Glances port whose Host header is neither the host's own address nor a name you assigned to it. [1]
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade Glances to version 4.5.2 or later, which adds host allowlist enforcement through TrustedHostMiddleware.

If you cannot upgrade immediately, the same protection can be applied by adding TrustedHostMiddleware, with an explicit allowed-hosts list such as 'localhost' and '127.0.0.1', to the FastAPI application that serves the REST API and WebUI. This is a local patch to the installed package, so record it and drop it once you upgrade.

- Add TrustedHostMiddleware with an explicit allowed hosts list in the FastAPI app configuration.
- After upgrading, set the new 'webui_allowed_hosts' option in the Glances configuration file (conf/glances.conf) to the names and addresses clients legitimately use. The option only exists in the fixed release, so it is not a substitute for upgrading.
- Do not bind the Glances service to 0.0.0.0 unless remote clients need it. This only limits who can reach the port directly: DNS rebinding also works against a service bound to 127.0.0.1, because the rebound requests come from a browser running on the same host, so host validation or authentication is still required.
- If Glances sits behind a reverse proxy, enforce a strict host allowlist at the proxy (a default server block that rejects unknown Host values) and make sure the Glances port itself is reachable only through the proxy.

Whichever layer enforces it, requests whose Host header does not match the allowlist must be rejected; that is what removes the DNS rebinding exposure. [1, 2]
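The following is an added example, not code from Glances or from the advisory, that serves both the detection question and the mitigation above. It implements a host allowlist check modelled on the matching rules of Starlette's TrustedHostMiddleware (exact host, '*' for any host, '*.suffix' for any sub-domain, port stripped; the handling of bracketed IPv6 literals is my own addition), runs two small stand-in HTTP servers from the standard library, one that ignores the Host header the way an unpatched Glances does and one that enforces the allowlist, and probes both with the foreign Host header a DNS rebinding page would cause the browser to send. The stand-in servers, the '/api/4/status' response body, the DEFAULT_ALLOWED_HOSTS list and the 'attacker.example' name are constructed for the demonstration; probe_host_validation can equally be pointed at a real Glances instance by passing its address and port.

```python
"""Host-allowlist check, stand-in servers and a Host-header probe for the
Glances DNS rebinding issue. Added example, not Glances' own code."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Allowlist a local-only deployment would use (assumed here, not a Glances default).
DEFAULT_ALLOWED_HOSTS = ["localhost", "127.0.0.1", "::1"]

ACCEPTS_ANY_HOST = "accepts arbitrary Host header (rebinding-exposed)"
REJECTS_FOREIGN_HOST = "rejects foreign Host header (host validation in place)"


def host_from_header(host_header):
    """Return the host part of a Host header value with any port removed.
    Bracketed IPv6 literals such as "[::1]:61208" are handled explicitly;
    a naive split on ":" would return "[" for them."""
    value = host_header.strip()
    if value.startswith("["):
        end = value.find("]")
        return value[1:end] if end != -1 else ""
    return value.split(":", 1)[0]


def host_allowed(host_header, allowed_hosts):
    """Decide whether a Host header matches the allowlist. Patterns follow the
    TrustedHostMiddleware rules: an exact host, "*" for any host, or "*.suffix"
    for any sub-domain of suffix. An empty or missing Host never matches."""
    host = host_from_header(host_header).lower()
    if not host:
        return False
    for pattern in allowed_hosts:
        pattern = pattern.lower()
        if pattern == "*" or host == pattern:
            return True
        if pattern.startswith("*.") and host.endswith(pattern[1:]):
            return True
    return False


def make_handler(allowed_hosts):
    """Build a request handler. allowed_hosts=None reproduces the unpatched
    behaviour (every Host is answered); a list enforces the allowlist and
    answers HTTP 400 "Invalid host header", as TrustedHostMiddleware does."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            host = self.headers.get("Host", "")
            if allowed_hosts is not None and not host_allowed(host, allowed_hosts):
                status, body = 400, b"Invalid host header"
            else:
                status, body = 200, b'{"version": 4}'  # constructed stand-in body
            self.send_response(status)
            self.send_header("Content-Type", "text/plain")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, format, *args):  # keep the demo quiet
            return
    return Handler


def start_server(allowed_hosts):
    """Start a stand-in server on an ephemeral loopback port in a daemon thread."""
    server = HTTPServer(("127.0.0.1", 0), make_handler(allowed_hosts))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def request_status(ip, port, host_header, path="/api/4/status"):
    """GET path with an explicit Host header and return the HTTP status.
    http.client uses the Host value given in headers instead of its own."""
    conn = http.client.HTTPConnection(ip, port, timeout=5)
    try:
        conn.request("GET", path, headers={"Host": host_header})
        resp = conn.getresponse()
        resp.read()
        return resp.status
    finally:
        conn.close()


def probe_host_validation(ip, port, path="/api/4/status", foreign_host="attacker.example"):
    """Probe twice: with the service's own address in Host (control) and with a
    foreign name (the rebinding case), then classify the pair of answers."""
    own = request_status(ip, port, "%s:%d" % (ip, port), path)
    foreign = request_status(ip, port, foreign_host, path)
    if not 200 <= own < 300:
        return "inconclusive (service answered HTTP %d to its own address)" % own
    if 200 <= foreign < 300:
        return ACCEPTS_ANY_HOST
    if foreign == 400:
        return REJECTS_FOREIGN_HOST
    return "inconclusive (HTTP %d to foreign Host)" % foreign


if __name__ == "__main__":
    unpatched = start_server(None)
    hardened = start_server(DEFAULT_ALLOWED_HOSTS)
    for label, srv in (("unpatched", unpatched), ("hardened", hardened)):
        print(label, "->", probe_host_validation("127.0.0.1", srv.server_address[1]))
    unpatched.shutdown()
    hardened.shutdown()
```

Against a real instance, pass the address clients normally use; if the control request itself returns 400 the probe reports it as inconclusive, which means the address you used is not on the instance's allowlist rather than that the service is down. The IPv6 handling matters for the allowlist too: a client reaching the service as [::1]:61208 must still match the "::1" entry.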