anonhaven
Ad

CVE-2026-30930

HIGH CVSS 4.0: 8.6 EPSS 0.03%
Updated Mar 17, 2026
Nicolargo
Parameter Value
CVSS 8.6 (HIGH)
Affected Versions before 4.5.1
Fixed In 4.5.1
Type CWE-89 (SQL Injection)
Vendor Nicolargo
Public PoC No

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize() method wraps string values in single quotes but does not escape embedded single quotes, making SQL injection trivial via attacker-controlled data such as process names, filesystem mount points, network interface names, or container names.

This vulnerability is fixed in 4.5.1.

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v4.0

Weakness Type (CWE)

CWE-89 SQL Injection

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Nicolargo Glances
cpe:2.3:a:nicolargo:glances:*:*:*:*:*:*:*:*
 4.5.1

References 3

https://github.com/nicolargo/glances/commit/39161f0d6fd723d83f534b48f24cdca7225…
security-advisories@github.com
https://github.com/nicolargo/glances/releases/tag/v4.5.1
security-advisories@github.com
https://github.com/nicolargo/glances/security/advisories/GHSA-x46r-mf5g-xpr6
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-33641

Glances

7.8

CVE-2026-33533

Payload

7.1

CVE-2026-32634

Nicolargo

8.1

CVE-2026-32633

Nicolargo

9.1

CVE-2026-32632

Nicolargo

5.9