SQL Injection Vulnerability in Glances Monitoring Tool by Glances Team
CVE-2026-30930

7.3HIGH

Key Information:

Vendor

Nicolargo

Status
Glances
Vendor
CVE Published:
10 March 2026

What is CVE-2026-30930?

The Glances monitoring tool, a popular open-source system monitoring utility, has a vulnerability in its TimescaleDB export module prior to version 4.5.1. Due to improper handling of user input through string concatenation, SQL queries may be constructed using unsanitized data. This flaw allows attackers to manipulate the SQL queries by injecting malicious input, such as process names or filesystem paths, leading to potential unauthorized access or data breaches. The issue has been addressed in version 4.5.1, which includes necessary updates for secure data handling.

Affected Version(s)

glances < 4.5.1

References

https://github.com/nicolargo/glances/security/advisories/...
x_refsource_CONFIRM
https://github.com/nicolargo/glances/commit/39161f0d6fd72...
x_refsource_MISC
https://github.com/nicolargo/glances/releases/tag/v4.5.1
x_refsource_MISC

CVSS V4

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.