Cassandra Export Module Vulnerability in Glances Tool by Glances
CVE-2026-35588

6.3 MEDIUM

Key Information:

Vendor

Nicolargo

Status
Vendor
CVE Published:
20 April 2026

What is CVE-2026-35588?

The Glances monitoring tool has a vulnerability in its Cassandra export module in versions prior to 4.5.4. The module does not validate the configuration values 'keyspace', 'table', and 'replication_factor' before incorporating them into Cassandra Query Language (CQL) statements. A user with write access to 'glances.conf' can exploit this to redirect monitoring data to a Cassandra keyspace controlled by an attacker. A patch is available in version 4.5.4.
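The missing check described above can be illustrated with an added example; this is not Glances code and not the 4.5.4 patch. It assumes the three settings arrive as strings in a dict, and the function names, the `ConfigError` class and the table schema are hypothetical.

```python
import re

# Unquoted CQL identifier: a letter, then letters, digits or underscores.
# Cassandra limits keyspace and table names to 48 characters.
_IDENT = re.compile(r"[A-Za-z][A-Za-z0-9_]{0,47}")


class ConfigError(ValueError):
    """Raised when an export setting is unsafe to place in a CQL statement."""


def validate_identifier(name, value):
    # Reject dots, quotes, spaces, semicolons: anything beyond a plain name.
    if not isinstance(value, str) or not _IDENT.fullmatch(value):
        raise ConfigError(f"{name}: not a plain CQL identifier: {value!r}")
    return value


def validate_replication_factor(value):
    text = str(value).strip()
    if not (text.isascii() and text.isdigit()) or int(text) < 1:
        raise ConfigError(f"replication_factor: not a positive integer: {value!r}")
    return int(text)


def build_statements(conf):
    """Validate all three settings first, then build the CQL strings."""
    keyspace = validate_identifier("keyspace", conf.get("keyspace"))
    table = validate_identifier("table", conf.get("table"))
    rf = validate_replication_factor(conf.get("replication_factor"))
    create_ks = (
        f"CREATE KEYSPACE IF NOT EXISTS {keyspace} WITH replication = "
        f"{{'class': 'SimpleStrategy', 'replication_factor': {rf}}}"
    )
    # Hypothetical schema, only here to show where the identifiers land.
    create_table = (
        f"CREATE TABLE IF NOT EXISTS {keyspace}.{table} "
        "(plugin text, time timeuuid, PRIMARY KEY (plugin, time))"
    )
    return create_ks, create_table


# Constructed sample settings (not taken from any real glances.conf).
GOOD = {"keyspace": "glances", "table": "localhost", "replication_factor": "2"}
BAD_TABLE = dict(GOOD, table="other_ks.stats")   # keyspace-qualified name
BAD_RF = dict(GOOD, replication_factor="2}")     # trailing CQL syntax

if __name__ == "__main__":
    for conf in (GOOD, BAD_TABLE, BAD_RF):
        try:
            print(build_statements(conf)[0])
        except ConfigError as err:
            print("rejected:", err)
```

Because these values name schema objects, they cannot be passed as bound parameters in CQL, which is why an allowlist check before string construction is the control shown here.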

Affected Version(s)

glances < 4.5.4

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
