Glances is an open-source, cross-platform system monitoring tool. Prior to version 4.5.4, the Cassandra export module (`glances/exports/glances_cassandra/__init__.py`) interpolates the `keyspace`, `table`, and `replication_factor` configuration values directly into CQL statements without validation. A user with write access to `glances.conf` can redirect all monitoring data to an attacker-controlled Cassandra keyspace. Version 4.5.4 contains a fix.
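The weakness described above, shown from the mitigation side as an added example (not Glances' code and not the 4.5.4 patch): CQL cannot bind identifiers as statement parameters, so config values are checked against an allowlist before they are placed in a statement. The function names, the allowlist pattern, the table layout and the sample values are assumptions of this example.

```python
import re

# Conservative allowlist (assumption of this example): an unquoted CQL
# identifier starting with a letter, at most 48 characters, the length
# limit Cassandra applies to keyspace and table names.
_IDENT = re.compile(r"[A-Za-z][A-Za-z0-9_]{0,47}")


def cql_identifier(value, option):
    """Return value unchanged if it is a safe CQL identifier, else raise."""
    if not isinstance(value, str) or not _IDENT.fullmatch(value):
        raise ValueError(f"invalid {option} in config: {value!r}")
    return value


def replication_factor(value):
    """Parse the option as a small positive integer, else raise."""
    text = str(value)
    if not re.fullmatch(r"[0-9]{1,3}", text) or int(text) < 1:
        raise ValueError(f"invalid replication_factor in config: {value!r}")
    return int(text)


def build_statements(conf):
    """Build the DDL only from values that passed validation."""
    keyspace = cql_identifier(conf["keyspace"], "keyspace")
    table = cql_identifier(conf["table"], "table")
    factor = replication_factor(conf["replication_factor"])
    create_keyspace = (
        f"CREATE KEYSPACE IF NOT EXISTS {keyspace} WITH replication = "
        f"{{'class': 'SimpleStrategy', 'replication_factor': {factor}}}"
    )
    # Column layout is illustrative, not the project's schema.
    create_table = (
        f"CREATE TABLE IF NOT EXISTS {keyspace}.{table} "
        "(plugin text, time timeuuid, stat map<text, float>, "
        "PRIMARY KEY (plugin, time))"
    )
    return create_keyspace, create_table


# Constructed config values, not taken from a real glances.conf.
GOOD = {"keyspace": "glances", "table": "localhost", "replication_factor": "2"}
BAD_FACTOR = dict(GOOD, replication_factor="2}; --")
BAD_KEYSPACE = dict(GOOD, keyspace="glances.other")
```

Rejecting the value and refusing to start the exporter is deliberate: silently rewriting a malformed name would still send data somewhere the operator did not configure.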
History
Tue, 21 Apr 2026 00:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | Nicolargo, Nicolargo glances | |
| Vendors & Products | Nicolargo, Nicolargo glances | |
Mon, 20 Apr 2026 23:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module (`glances/exports/glances_cassandra/__init__.py`) interpolates `keyspace`, `table`, and `replication_factor` configuration values directly into CQL statements without validation. A user with write access to `glances.conf` can redirect all monitoring data to an attacker-controlled Cassandra keyspace. Version 4.5.4 contains a fix. | |
| Title | Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values | |
| Weaknesses | CWE-89 | |
| References | | |
| Metrics | cvssV3_1 | |
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-04-20T23:20:34.998Z
Reserved: 2026-04-03T20:09:02.828Z
Link: CVE-2026-35588
Status: Received
Published: 2026-04-21T00:16:29.163
Modified: 2026-04-21T00:16:29.163
Link: CVE-2026-35588
OpenCVE Enrichment
Updated: 2026-04-21T00:30:22Z