CVE-2026-30930

High CVSS: 8.6

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize() method wraps string values in single quotes but does not escape embedded single quotes, making SQL injection trivial via attacker-controlled data such as process names, filesystem mount points, network interface names, or container names. This vulnerability is fixed in 4.5.1.

Vendor

Nicolargo

Product

Glances

CWE

CWE-89

Yayın Tarihi

2026-03-10 18:18:52

Güncelleme

2026-03-17 16:20:46

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-89 Glances HIGH Nicolargo 2026

Referanslar

https://github.com/nicolargo/glances/commit/39161f0d6fd723d83f534b48f24cdca722573336 https://github.com/nicolargo/glances/releases/tag/v4.5.1 https://github.com/nicolargo/glances/security/advisories/GHSA-x46r-mf5g-xpr6

Benzer Kayıtlar

High

CVE-2026-33641

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic config…

High

CVE-2026-33533

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server (act…

High

CVE-2026-32634

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glance…

High

CVE-2026-32611

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix (commit 39161f0) addressed SQL inject…

Medium

CVE-2026-32632

Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the…

Critical

CVE-2026-32633

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the `/…