PT-2026-33778 · Glance · Glance

Published 2026-04-20 · Updated 2026-04-22 · CVE-2026-35588

CVSS v3.1: 6.3 Medium

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions

Glances versions prior to 4.5.4

Description

The Cassandra export module (glances/exports/glances_cassandra/__init__.py) interpolates configuration values directly into CQL statements without validation. A user with write access to glances.conf can manipulate the keyspace, table, and replication factor variables to redirect all exported monitoring data, including CPU, memory, network, and disk I/O, to an attacker-controlled Cassandra keyspace. This leads to data exfiltration and data loss.

Recommendations

Update to version 4.5.4.
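
The validation the description says is missing can be sketched as follows. This is an added example, not the Glances code or the fix shipped in 4.5.4; the setting key names (`keyspace`, `table`, `replication_factor`), the table layout and the sample values are assumptions constructed for illustration.

```python
import re

# Unquoted CQL identifier: a letter, then letters, digits or underscores.
# Cassandra caps keyspace and table names at 48 characters.
_CQL_IDENT = re.compile(r"[A-Za-z][A-Za-z0-9_]{0,47}")
_DIGITS = re.compile(r"[0-9]{1,3}")


def cql_identifier(value, what):
    """Return value unchanged if it is a safe unquoted CQL identifier."""
    if not isinstance(value, str) or not _CQL_IDENT.fullmatch(value):
        raise ValueError(f"invalid Cassandra {what} name: {value!r}")
    return value


def replication_factor(value):
    """Parse the replication factor as a positive ASCII-digit integer."""
    text = str(value).strip()
    if not _DIGITS.fullmatch(text) or int(text) < 1:
        raise ValueError(f"invalid replication factor: {value!r}")
    return int(text)


def build_statements(conf):
    """Validate every interpolated setting, then build the DDL strings.

    The key names and the table layout are assumptions for this example.
    """
    ks = cql_identifier(conf.get("keyspace"), "keyspace")
    table = cql_identifier(conf.get("table"), "table")
    rf = replication_factor(conf.get("replication_factor"))
    return [
        f"CREATE KEYSPACE IF NOT EXISTS {ks} WITH replication = "
        f"{{'class': 'SimpleStrategy', 'replication_factor': {rf}}}",
        f"CREATE TABLE IF NOT EXISTS {ks}.{table} "
        "(plugin text, time timeuuid, stat map<text,float>, "
        "PRIMARY KEY (plugin, time))",
    ]


# Constructed sample settings: one well-formed, two outside the allowed grammar.
GOOD = {"keyspace": "glances", "table": "localhost", "replication_factor": "2"}
BAD_KEYSPACE = dict(GOOD, keyspace="glances; extra")
BAD_RF = dict(GOOD, replication_factor="2}; --")

if __name__ == "__main__":
    for conf in (GOOD, BAD_KEYSPACE, BAD_RF):
        try:
            print(build_statements(conf))
        except ValueError as exc:
            print("rejected:", exc)
```

Syntactic validation stops configuration values from altering the structure of the CQL statement, but anyone who can write glances.conf can still name any well-formed keyspace, so write permissions on that file remain part of the control.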

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2026-35588
GHSA-GRP3-H8M8-45P7
OPENSUSE-SU-2026:10602-1

Affected Products

Glance