CVE-2026-34839
CORS Vulnerability in Glances REST API Enables Data Exfiltration
Publication date: 2026-04-21
Last updated on: 2026-04-24
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nicolargo | glances | all versions before 4.5.4 (4.5.4 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-942 | The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-34839 is a high-severity vulnerability in the Glances system monitoring tool that affects its web server REST API prior to version 4.5.4. The REST API endpoint (/api/4/*) is accessible without authentication and implements a permissive Cross-Origin Resource Sharing (CORS) policy by setting the HTTP header Access-Control-Allow-Origin to '*'. This allows any website to make cross-origin requests to the API from a victim's browser and read sensitive system information exposed by Glances.
Because of this misconfiguration, a malicious website can use JavaScript to fetch detailed system data such as running processes, system details (hostname, OS, CPU info), memory and disk usage, network interfaces, IP addresses, and running services from the victim's Glances instance without their consent.
This vulnerability enables cross-origin data exfiltration of sensitive information, facilitating unauthorized disclosure and potential further attacks. The issue was fixed in Glances version 4.5.4 by restricting CORS permissions.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of sensitive system information from a Glances instance running on your system. An attacker can exploit the permissive CORS policy to read detailed data such as running processes, system configuration, network interfaces, IP addresses, and resource usage remotely through a victim's browser.
The exposed information can be used by attackers to perform reconnaissance, identify potential weaknesses, and plan targeted attacks against your system or network.
Since the API is unauthenticated and accessible by default, any user visiting a malicious website could unknowingly leak sensitive system data, increasing the risk of compromise.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking whether Glances is running in web server mode and exposing the unauthenticated REST API, by default on port 61208 at the path /api/4/all.
You can test this by sending an HTTP request to the endpoint and inspecting both the response headers and the response body.
- Use curl to check the API endpoint and CORS headers: curl -i http://<host>:61208/api/4/all
- Look for the HTTP header Access-Control-Allow-Origin: * which indicates a permissive CORS policy.
- Verify if the response contains sensitive system information such as process lists, system details, memory usage, network interfaces, and running services.
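The same check as a small script, added here as an example rather than code from the Glances project: it sends one GET with an Origin header and classifies the response. It assumes a local instance on the default port 61208 and the /api/4/all path named above; the probe origin is a constructed value. It goes slightly beyond the page by also flagging a response that reflects the requesting origin, which is equally readable from a browser.

```python
"""Detect the permissive CORS policy described in CVE-2026-34839 on a
Glances web server (added example, not Glances project code)."""
import json
import urllib.error
import urllib.request

DEFAULT_URL = "http://127.0.0.1:61208/api/4/all"  # assumption: local instance
PROBE_ORIGIN = "https://example.invalid"            # constructed probe origin


def classify_cors(status, headers, origin=PROBE_ORIGIN):
    """Build a finding from an HTTP status code and a header mapping.

    A wildcard Access-Control-Allow-Origin, or one that simply echoes the
    requesting origin, lets any site read the response from a victim's
    browser. A 200 without any CORS header still means the endpoint is
    unauthenticated but is not cross-origin readable.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    acao = hdrs.get("access-control-allow-origin")
    creds = hdrs.get("access-control-allow-credentials", "").lower() == "true"
    permissive = acao == "*" or (acao is not None and acao == origin)
    return {
        "unauthenticated": status == 200,
        "acao": acao,
        "permissive_cors": permissive,
        "allows_credentials": creds,
        "vulnerable": status == 200 and permissive,
    }


def check_glances(url=DEFAULT_URL, timeout=5):
    """Send one GET carrying an Origin header and classify the live response."""
    req = urllib.request.Request(url, headers={"Origin": PROBE_ORIGIN})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_cors(resp.getcode(), dict(resp.headers))
    except urllib.error.HTTPError as e:
        # e.g. 401/403 from a reverse proxy that enforces authentication
        return classify_cors(e.code, dict(e.headers))


if __name__ == "__main__":
    print(json.dumps(check_glances(), indent=2))
```

A `"vulnerable": true` result means the instance should be upgraded to 4.5.4 or later or taken off the network as described in the mitigation steps.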
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Glances to version 4.5.4 or later, where the vulnerability has been patched by restricting the CORS permissions on the REST API.
If upgrading is not immediately possible, consider disabling the web server mode of Glances or restricting network access to the API port (61208) to trusted hosts only.
Additionally, avoid running Glances with the web server bound to all interfaces (0.0.0.0) to reduce exposure.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in Glances allows unauthorized cross-origin access to sensitive system information without authentication, leading to potential exposure of sensitive data.
Such unauthorized disclosure of sensitive information can negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require safeguarding sensitive data against unauthorized access and ensuring confidentiality.
By exposing system details, process lists, network configurations, and other sensitive metrics to any origin via a permissive CORS policy, this vulnerability increases the risk of data breaches and unauthorized data exfiltration, which are critical compliance concerns under these regulations.