VYPR
Medium severity6.3NVD Advisory· Published Apr 21, 2026· Updated Apr 22, 2026

CVE-2026-35588

CVE-2026-35588

Description

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module (glances/exports/glances_cassandra/__init__.py) interpolates keyspace, table, and replication_factor configuration values directly into CQL statements without validation. A user with write access to glances.conf can redirect all monitoring data to an attacker-controlled Cassandra keyspace. Version 4.5.4 contains a fix.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
glancesPyPI
< 4.5.44.5.4

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.