{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35588", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-03T20:09:02.828Z", "datePublished": "2026-04-20T23:20:34.998Z", "dateUpdated": "2026-04-21T13:35:04.526Z"}, "containers": {"cna": {"title": "Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/nicolargo/glances/security/advisories/GHSA-grp3-h8m8-45p7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nicolargo/glances/security/advisories/GHSA-grp3-h8m8-45p7"}, {"name": "https://github.com/nicolargo/glances/commit/d339181f03a14bb15506307e9d58f876e23d8160", "tags": ["x_refsource_MISC"], "url": "https://github.com/nicolargo/glances/commit/d339181f03a14bb15506307e9d58f876e23d8160"}, {"name": "https://github.com/nicolargo/glances/commit/e41b665576f9fd5374e3152078726cc59a01e48c", "tags": ["x_refsource_MISC"], "url": "https://github.com/nicolargo/glances/commit/e41b665576f9fd5374e3152078726cc59a01e48c"}], "affected": [{"vendor": "nicolargo", "product": "glances", "versions": [{"version": "< 4.5.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-20T23:20:34.998Z"}, "descriptions": [{"lang": "en", "value": "Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module (`glances/exports/glances_cassandra/__init__.py`) interpolates `keyspace`, `table`, and `replication_factor` configuration values directly into CQL statements without validation. A user with write access to `glances.conf` can redirect all monitoring data to an attacker-controlled Cassandra keyspace. Version 4.5.4 contains a fix."}], "source": {"advisory": "GHSA-grp3-h8m8-45p7", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-grp3-h8m8-45p7", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-21T13:35:00.699295Z", "id": "CVE-2026-35588", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T13:35:04.526Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35588", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-21T13:35:00.699295Z"}}}], "references": [{"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-grp3-h8m8-45p7", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T13:34:55.661Z"}}], "cna": {"title": "Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values", "source": {"advisory": "GHSA-grp3-h8m8-45p7", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "nicolargo", "product": "glances", "versions": [{"status": "affected", "version": "< 4.5.4"}]}], "references": [{"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-grp3-h8m8-45p7", "name": "https://github.com/nicolargo/glances/security/advisories/GHSA-grp3-h8m8-45p7", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/nicolargo/glances/commit/d339181f03a14bb15506307e9d58f876e23d8160", "name": "https://github.com/nicolargo/glances/commit/d339181f03a14bb15506307e9d58f876e23d8160", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/nicolargo/glances/commit/e41b665576f9fd5374e3152078726cc59a01e48c", "name": "https://github.com/nicolargo/glances/commit/e41b665576f9fd5374e3152078726cc59a01e48c", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module (`glances/exports/glances_cassandra/__init__.py`) interpolates `keyspace`, `table`, and `replication_factor` configuration values directly into CQL statements without validation. A user with write access to `glances.conf` can redirect all monitoring data to an attacker-controlled Cassandra keyspace. Version 4.5.4 contains a fix."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-20T23:20:34.998Z"}}}, "cveMetadata": {"cveId": "CVE-2026-35588", "state": "PUBLISHED", "dateUpdated": "2026-04-21T13:35:04.526Z", "dateReserved": "2026-04-03T20:09:02.828Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-20T23:20:34.998Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nicolargo:glances:*:*:*:*:*:*:*:*", "matchCriteriaId": "03B811B3-8AF9-4B29-A6F5-A2348591DCCE", "versionEndExcluding": "4.5.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module (`glances/exports/glances_cassandra/__init__.py`) interpolates `keyspace`, `table`, and `replication_factor` configuration values directly into CQL statements without validation. A user with write access to `glances.conf` can redirect all monitoring data to an attacker-controlled Cassandra keyspace. Version 4.5.4 contains a fix."}], "id": "CVE-2026-35588", "lastModified": "2026-04-22T18:40:39.270", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-21T00:16:29.163", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/nicolargo/glances/commit/d339181f03a14bb15506307e9d58f876e23d8160"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/nicolargo/glances/commit/e41b665576f9fd5374e3152078726cc59a01e48c"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/nicolargo/glances/security/advisories/GHSA-grp3-h8m8-45p7"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/nicolargo/glances/security/advisories/GHSA-grp3-h8m8-45p7"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.5.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "glances", "source": "cna", "vendor": "nicolargo"}, "product": "glances", "vendor": "nicolargo"}], "analysis": {"en": {"generated_at": "2026-04-21T15:35:59.931583+00:00", "value": {"mitigation_remediation": ["Upgrade Glances to version 4.5.4 or newer, which sanitizes keyspace, table, and replication_factor values before embedding them in CQL statements.", "If an upgrade is not immediately possible, ensure that only trusted system administrators have write permissions to glances.conf, and consider setting file permissions to read\u2011only for untrusted users.", "If you cannot enforce strict file permissions, monitor glances.conf for unauthorized changes and restore it to a known good state as a temporary protection measure."], "summary": {"action": "Apply Patch", "impact": "Unauthorized Data Redirection to Attacker-Controlled Cassandra"}, "threat_synthesis": {"affected_systems": "The flaw exists in all Glances releases prior to version 4.5.4, distributed under the nicolargo:glances vendor designation. Any deployment that uses a configuration file with write permissions granted to local users is vulnerable.", "description_and_impact": "Glances, an open\u2011source system monitoring tool, interpolated its \"keyspace\", \"table\", and \"replication_factor\" configuration values directly into CQL statements without validation. The result was a classic CQL injection vulnerability, where a user with write access to the configuration file could insert arbitrary CQL parameters and redirect all monitoring output to a Cassandra keyspace of the attacker\u2019s choosing. This bypasses the intended namespace isolation, potentially exposing sensitive system metrics, allowing an attacker to inject or corrupt monitoring data, and could serve as an avenue for data exfiltration or misuse of resources. The weakness maps to CWE\u201189 (SQL Injection) in the context of Cassandra\u2019s CQL.", "risk_and_exploitability": "With a CVSS score of 6.3, the vulnerability is considered medium severity. The EPSS score is not available, and the issue is not listed in CISA\u2019s KEV catalog. The attack requires write access to glances.conf, which is typically limited to the privileged user running Glances or a user who can modify configuration files. Whether the configuration file is exposed to remote users depends on the deployment; however, the primary attack vector is local intrusion. Once the attacker writes malicious configuration values, Glances will send monitoring data to the attacker\u2019s Cassandra instance, achieving the goals outlined above."}}}}, "created": "2026-04-21T00:30:22.736735+00:00", "updated": "2026-04-21T15:37:55.187003+00:00", "vendors": ["nicolargo", "nicolargo$PRODUCT$glances"]}