CVE-2026-32633 — AI Deep Analysis Summary

🚨 **Essence**: Glances < 4.5.2 leaks embedded HTTP basic credentials via `/api/4/serverslist` in Central Browser mode.…

🛡️ **CWE**: CWE-200 (Information Exposure). 🔍 **Flaw**: The API endpoint fails to sanitize server objects, exposing sensitive authentication data that should remain hidden from unauthenticated users.

📦 **Vendor**: Nicolargo. 📦 **Product**: Glances. ⚠️ **Affected**: Versions **prior to 4.5.2**. ✅ **Fixed**: Version 4.5.2 and later.

🕵️ **Action**: Retrieve embedded HTTP Basic Auth credentials. 🔓 **Impact**: High Confidentiality & Integrity impact. Hackers gain access to downstream servers using stolen credentials without needing direct access.

🔓 **Auth**: None required (PR:N). 🌐 **Access**: Network accessible (AV:N). 🚀 **Threshold**: **LOW**. Any network user can trigger the leak via the API endpoint without logging in.

🚫 **Public Exp**: No PoC provided in data. 📉 **Risk**: While no wild exploit exists yet, the low barrier to entry makes it highly susceptible to rapid automation by threat actors.

🔍 **Check**: Scan for Glances Central Browser mode. 📡 **Test**: Request `GET /api/4/serverslist` without auth. 👀 **Verify**: Inspect JSON response for embedded `username`/`password` fields in server objects.

✅ **Patch**: Yes! Upgrade to **Glances 4.5.2**.…

🛑 **Workaround**: Disable Central Browser mode if not needed. 🚫 **Network**: Restrict access to the Glances API port via firewall rules. 🧹 **Audit**: Regularly rotate credentials for downstream servers.

🔥 **Priority**: **HIGH**. CVSS Score indicates High Confidentiality/Integrity impact with no auth required. Immediate patching or mitigation is strongly recommended to prevent credential theft.