CVE-2026-30928

UNKNOWN 0.0

Glances Exposes Unauthenticated Configuration Secrets

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the /api/4/config REST API endpoint returns the entire parsed Glances configuration file (glances.conf) via self.config.as_dict() with no filtering of sensitive values. The configuration file contains credentials for all configured backend services including database passwords, API tokens, JWT signing keys, and SSL key passwords. This vulnerability is fixed in 4.5.1.

CWE	CWE-200
Vendor	nicolargo
Product	glances
Published	Mar 10, 2026
Last Updated	Mar 10, 2026

Stay Ahead of the Next One

Get instant alerts for nicolargo glances

Be the first to know when new unknown vulnerabilities affecting nicolargo glances are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

nicolargo / glances

< 4.5.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/nicolargo/glances/security/advisories/GHSA-gh4x-f7cq-wwx6 github.com: https://github.com/nicolargo/glances/commit/306a7136154ba5c1531489c99f8306d84eae37da github.com: https://github.com/nicolargo/glances/releases/tag/v4.5.1