cbcvebase.
CVE-2026-30928
published 2026-03-10

Priority: P2 · 59 · high · 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
Exploit: EPSS 1.66% (73.7th percentile)
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the /api/4/config REST API endpoint returns the entire parsed Glances configuration file (glances.conf) via self.config.as_dict() with no filtering of sensitive values. The configuration file contains credentials for all configured backend services including database passwords, API tokens, JWT signing keys, and SSL key passwords. This vulnerability is fixed in 4.5.1.

Affected (4 ranges)

Vendor           Product   Version range                     Fixed in
debian           glances   < glances 4.5.1+dfsg-1 (forky)    glances 4.5.1+dfsg-1 (forky)
glances_project  glances   >= 0, < 4.5.1+dfsg-1              4.5.1+dfsg-1
glances_project  glances   >= 0, < 4.5.1                     4.5.1
nicolargo        glances   < 4.5.1                           4.5.1

Detection & IOCs (extracted from sources)

url: /api/4/config
yara: regex '"password": "[A-Za-z0-9_@.#&+-;$]*",'
  • Send a GET request to /api/4/config and inspect the JSON response body for credential fields (e.g., 'password', API tokens, JWT keys). A 200 response with Content-Type: application/json containing password fields indicates a vulnerable, unpatched Glances instance.
  • Match HTTP responses from /api/4/config for the regex pattern '"password": "[A-Za-z0-9_@.#&+-;$]*",' in the body combined with 'application/json' in the Content-Type header and HTTP 200 status to confirm exploitation.
  • Exploitation requires API access to the Glances instance; the endpoint is not necessarily exposed to unauthenticated internet traffic by default, but misconfigured deployments may expose it publicly.
  • All Glances versions prior to 4.5.1 are affected. Debian 'trixie' remains open/unresolved as of the tracker snapshot.
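As an added example (not from the advisory or the Glances project), the detection rule in the bullets above applied to one captured /api/4/config response: the regex, status and Content-Type conditions exactly as listed, plus a structural walk of the parsed JSON that also catches a password stored as the last key of its object, which the trailing comma in the regex misses. The sample bodies and the sensitive-key fragments are constructed assumptions, not real captures or real glances.conf key names.

```python
import json
import re

# Regex exactly as listed under Detection & IOCs. Note "+-;" inside the class
# is a range (0x2B..0x3B), and the trailing comma means a password that is the
# LAST key of its object is not matched.
PASSWORD_RE = re.compile(r'"password": "[A-Za-z0-9_@.#&+-;$]*",')

# Key-name fragments treated as sensitive (assumption: the advisory names the
# kinds of secrets, not the exact glances.conf key names).
SENSITIVE_FRAGMENTS = ("password", "token", "secret", "key")


def find_secret_paths(node, path=""):
    """Walk parsed JSON; return dotted paths of non-empty strings under sensitive-looking keys."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if isinstance(value, str) and value and any(f in key.lower() for f in SENSITIVE_FRAGMENTS):
                hits.append(child)
            hits.extend(find_secret_paths(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_secret_paths(item, f"{path}[{i}]"))
    return hits


def classify_response(status, headers, body):
    """Apply the page's rule (HTTP 200 + application/json + password regex) plus a JSON walk."""
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    is_json = status == 200 and "application/json" in ctype.lower()
    regex_hit = is_json and PASSWORD_RE.search(body) is not None
    secret_paths = []
    if is_json:
        try:
            secret_paths = find_secret_paths(json.loads(body))
        except json.JSONDecodeError:
            pass  # not JSON after all: nothing structural to report
    return {"regex_hit": regex_hit, "secret_paths": secret_paths,
            "credentials_exposed": regex_hit or bool(secret_paths)}


# Constructed sample bodies (not real captures). In SAMPLE_LAST_KEY the
# password is the last key of its object, so the regex alone misses it.
HEADERS = {"Content-Type": "application/json; charset=utf-8"}
SAMPLE_HIT = '{"influxdb": {"host": "db.internal", "password": "Pa55-w0rd", "port": 8086}}'
SAMPLE_LAST_KEY = '{"mqtt": {"host": "mq.internal", "password": "Pa55-w0rd"}}'
SAMPLE_PATCHED = '{"global": {"refresh": 2, "check_update": false}}'
```

Running the classifier over proxy or IDS captures of /api/4/config lets a defender flag unpatched instances without relying on the regex alone.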

CVSS provenance

Source         Version   Score   Severity   Vector
nvd            v3.1      7.5     HIGH       CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd            v4.0      8.7     HIGH       CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
osv            -         8.7     HIGH       -
vendor_debian  -         8.7     LOW        -