Home / Vulnerability Intelligence / CVE-2026-35588

CVE-2026-35588 - Vulnerability Analysis

MediumCVSS: 6.3

Last Updated: April 22, 2026

Glances - NoSQL Injection

Published: April 21, 2026Updated: April 22, 2026PoC Available

Overview

Glances < 4.5.4 contains a NoSQL injection caused by direct interpolation of keyspace, table, and replication_factor in Cassandra export module, letting users with write access to glances.conf redirect monitoring data, exploit requires write access to configuration file.

Severity & Score

Severity: Medium

CVSS Score: 6.3

Impact

An attacker with write access to configuration can redirect monitoring data to attacker-controlled Cassandra keyspace, potentially compromising data integrity.

Mitigation

Update to version 4.5.4 or later.

References

https://github.com/nicolargo/glances/security/advisories/GHSA-grp3-h8m8-45p7
https://github.com/nicolargo/glances/commit/d339181f03a14bb15506307e9d58f876e23d8160
https://github.com/nicolargo/glances/commit/e41b665576f9fd5374e3152078726cc59a01e48c

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-35588
Severity: Medium
CVSS Score: 6.3
Type: nosql_injection
Status: confirmed

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L