CVE-2026-35588
published 2026-04-21

CVE-2026-35588: Glances is an open-source, cross-platform system monitoring tool. Prior to version 4.5.4, the Cassandra export module…

Priority: P4 | 32 | medium | 6.3 | CVSS 3.1
CVSS vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
EPSS: 0.21% (11.4th percentile)

Glances is an open-source, cross-platform system monitoring tool. Prior to version 4.5.4, the Cassandra export module (`glances/exports/glances_cassandra/__init__.py`) interpolates the `keyspace`, `table`, and `replication_factor` configuration values directly into CQL statements without validation. A user with write access to `glances.conf` can redirect all monitoring data to an attacker-controlled Cassandra keyspace. Version 4.5.4 contains a fix.
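
An added example, not Glances' own code or its 4.5.4 fix: CQL cannot bind keyspace or table names as statement parameters, so the three values named above have to be checked against an allow-list pattern before any statement text is built. The statement shapes, column names, `SimpleStrategy` and the sample configs are assumptions made for illustration.

```python
import re

# Conservative rule for unquoted CQL identifiers: a letter followed by
# letters, digits or underscores. Cassandra limits keyspace and table
# names to 48 characters.
IDENT = re.compile(r"[A-Za-z][A-Za-z0-9_]{0,47}")


def cql_identifier(value, field):
    """Return value unchanged if it is a safe unquoted CQL identifier."""
    if not isinstance(value, str) or not IDENT.fullmatch(value):
        raise ValueError(f"invalid {field}: {value!r}")
    return value


def replication_factor(value):
    """Parse replication_factor from the config as a small positive integer."""
    text = str(value).strip()
    if not re.fullmatch(r"[0-9]{1,3}", text) or int(text) < 1:
        raise ValueError(f"invalid replication_factor: {value!r}")
    return int(text)


def build_statements(conf):
    """Validate the three config values, then build the CQL text.

    Statement shapes and column names are hypothetical, not the exporter's.
    """
    ks = cql_identifier(conf.get("keyspace"), "keyspace")
    tb = cql_identifier(conf.get("table"), "table")
    rf = replication_factor(conf.get("replication_factor"))
    create_ks = (
        f"CREATE KEYSPACE IF NOT EXISTS {ks} WITH replication = "
        f"{{'class': 'SimpleStrategy', 'replication_factor': {rf}}}"
    )
    # Row values are still bound as parameters; only the names are inlined.
    insert = f"INSERT INTO {ks}.{tb} (plugin, time, stat) VALUES (?, ?, ?)"
    return create_ks, insert


# Constructed sample configs (not taken from a real glances.conf).
GOOD = {"keyspace": "glances", "table": "localhost", "replication_factor": "2"}
BAD_TABLE = dict(GOOD, table="localhost USING TTL 1")
BAD_RF = dict(GOOD, replication_factor="2, 'x': 'y'")
```

Rejecting the value at configuration load time, rather than quoting it, also surfaces an unexpected edit to `glances.conf` as a startup error.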

Affected

2 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| glances_project | glances | >= 0 < 4.5.4 | 4.5.4 |
| nicolargo | glances | < 4.5.4 | 4.5.4 |