Python
CVE-2026-32609
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionGitHub Advisory
Summary
The GHSA-gh4x fix (commit 5d3de60) addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing as_dict_secure() redaction. However, the /api/v4/args and /api/v4/args/{item} endpoints were not addressed by this fix. These endpoints return the complete command-line arguments namespace via vars(self.args), which includes the password hash (salt + pbkdf2_hmac), SNMP community strings, SNMP authentication keys, and the configuration file path. When Glances runs without --password (the default), these endpoints are accessible without any authentication.
Details
The secrets exposure fix (GHSA-gh4x, commit 5d3de60) modified three config-related endpoints to use as_dict_secure() when no password is configured:
# glances/outputs/glances_restful_api.py:1168 (FIXED)
args_json = self.config.as_dict() if self.args.password else self.config.as_dict_secure()However, the _api_args and _api_args_item endpoints were not part of this fix and still return all arguments without any sanitization:
# glances/outputs/glances_restful_api.py:1222-1237
def _api_args(self):
try:
# Get the RAW value of the args dict
# Use vars to convert namespace to dict
args_json = vars(self.args)
except Exception as e:
raise HTTPException(status.HTTP_404_NOT_FOUND, f"Cannot get args ({str(e)})")
return GlancesJSONResponse(args_json)And the item-specific endpoint:
# glances/outputs/glances_restful_api.py:1239-1258
def _api_args_item(self, item: str):
...
args_json = vars(self.args)[item]
return GlancesJSONResponse(args_json)The self.args namespace contains sensitive fields set during initialization in glances/main.py:
password(line 806-819): When--passwordis used, this contains the salt + pbkdf2_hmac hash. An attacker can use this for offline brute-force attacks.snmp_community(line 445): Default"public", but may be set to a secret community string for SNMP monitoring.snmp_user(line 448): SNMP v3 username, default"private".snmp_auth(line 450): SNMP v3 authentication key, default"password"but typically set to a secret value.conf_file(line 198): Path to the configuration file, reveals filesystem structure.username(line 430/800): The Glances authentication username.
Both endpoints are registered on the authenticated router (line 504-505):
f'{base_path}/args': self._api_args,
f'{base_path}/args/{{item}}': self._api_args_item,When --password is not set (the default), the router has NO authentication dependency (line 479-480), making these endpoints completely unauthenticated:
if self.args.password:
router = APIRouter(prefix=self.url_prefix, dependencies=[Depends(self.authentication)])
else:
router = APIRouter(prefix=self.url_prefix)PoC
Scenario 1: No password configured (default deployment)
# Start Glances in web server mode (default, no password)
glances -w
# Access all command line arguments without authentication
curl -s http://localhost:61208/api/4/args | python -m json.tool
# Expected output includes sensitive fields:
# "password": "",
# "snmp_community": "public",
# "snmp_user": "private",
# "snmp_auth": "password",
# "username": "glances",
# "conf_file": "/home/user/.config/glances/glances.conf",
# Access specific sensitive argument
curl -s http://localhost:61208/api/4/args/snmp_community
curl -s http://localhost:61208/api/4/args/snmp_authScenario 2: Password configured (authenticated deployment)
# Start Glances with password authentication
glances -w --password --username admin
# Authenticate and access args (password hash exposed to authenticated users)
curl -s -u admin:mypassword http://localhost:61208/api/4/args/password
# Returns the salt$pbkdf2_hmac hash which enables offline brute-forceImpact
- Unauthenticated network reconnaissance: When Glances runs without
--password(the common default for internal/trusted networks), anyone who can reach the web server can enumerate SNMP credentials, usernames, file paths, and all runtime configuration. - Offline password cracking: When authentication is enabled, an authenticated user can retrieve the password hash (salt + pbkdf2_hmac) and perform offline brute-force attacks. The hash uses pbkdf2_hmac with SHA-256 and 100,000 iterations (see
glances/password.py:45), which provides some protection but is still crackable with modern hardware. - Lateral movement: Exposed SNMP community strings and v3 authentication keys can be used to access other network devices monitored by the Glances instance.
- Supply chain for CORS attack: Combined with the default CORS misconfiguration (finding 001), these secrets can be stolen cross-origin by a malicious website.
Recommended Fix
Apply the same redaction pattern used for the /api/v4/config endpoints:
# glances/outputs/glances_restful_api.py
_SENSITIVE_ARGS = frozenset({
'password', 'snmp_community', 'snmp_user', 'snmp_auth',
'conf_file', 'password_prompt', 'username_used',
})
def _api_args(self):
try:
args_json = vars(self.args).copy()
if not self.args.password:
for key in _SENSITIVE_ARGS:
if key in args_json:
args_json[key] = "********"
# Never expose the password hash, even to authenticated users
if 'password' in args_json and args_json['password']:
args_json['password'] = "********"
except Exception as e:
raise HTTPException(status.HTTP_404_NOT_FOUND, f"Cannot get args ({str(e)})")
return GlancesJSONResponse(args_json)
def _api_args_item(self, item: str):
if item not in self.args:
raise HTTPException(status.HTTP_400_BAD_REQUEST, f"Unknown argument item {item}")
try:
if item in _SENSITIVE_ARGS:
if not self.args.password:
return GlancesJSONResponse("********")
if item == 'password':
return GlancesJSONResponse("********")
args_json = vars(self.args)[item]
except Exception as e:
raise HTTPException(status.HTTP_404_NOT_FOUND, f"Cannot get args item ({str(e)})")
return GlancesJSONResponse(args_json)AnalysisAI
A critical information disclosure vulnerability in Glances system monitoring tool allows unauthenticated remote attackers to access sensitive configuration data including password hashes, SNMP community strings, and authentication keys through unprotected API endpoints. The vulnerability affects Glances versions prior to 4.5.2 when running in web server mode without password protection (the default configuration), and a proof-of-concept demonstrating the attack is publicly available. While not currently in CISA's Known Exploited Vulnerabilities catalog, the issue has a high CVSS score of 7.5 due to the ease of exploitation and severity of exposed secrets.
Technical ContextAI
Glances is a Python-based cross-platform system monitoring tool (identified as pkg:pip/glances in the CPE database) that provides RESTful API endpoints for remote monitoring. The vulnerability stems from CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) where the /api/v4/args and /api/v4/args/{item} endpoints directly expose the command-line arguments namespace via vars(self.args) without sanitization. This is particularly problematic because these arguments contain sensitive authentication material including pbkdf2_hmac password hashes with SHA-256 and 100,000 iterations, SNMP v3 authentication keys, and filesystem paths that reveal server structure.
RemediationAI
Upgrade Glances to version 4.5.2 or later which includes the security fix commit ff14eb9780ee10ec018c754754b1c8c7bfb6c44f as documented in the vendor advisory at https://github.com/nicolargo/glances/security/advisories/GHSA-cvwp-r2g2-j824. Until patching is possible, immediately enable password authentication by starting Glances with the --password flag, though note that even authenticated users can still access password hashes in vulnerable versions. As an additional defense-in-depth measure, restrict network access to the Glances web interface using firewall rules or reverse proxy authentication, and avoid storing sensitive SNMP credentials in command-line arguments by using configuration files with restricted permissions.
Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t
BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser
pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne
Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301
Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-cvwp-r2g2-j824