Auth bypass in Nicolargo Glances

CVE-2026-34839

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Glances web server exposes a REST API (`/api/4/*`) that is accessible without authentication and allows cross-origin requests from any origin due…

Vulnerability class: Information Disclosure

EPSS: 0.000 (10.1th percentile) — read the EPSS interpretation.

Affected products

Nicolargo Glances — versions < 4.5.4

Weakness classification (CWE)

References

https://github.com/nicolargo/glances/security/advisories/GHSA-gfc2-9qmw-w7vh (x_refsource_CONFIRM)
https://github.com/nicolargo/glances/commit/fdfb977b1d91b5e410bc06c4e19f8bedb0005ce9 (x_refsource_MISC)