CVE-2026-35588
CQL Injection in Glances Cassandra Exporter Allows Data Redirection

Publication date: 2026-04-21

Last updated on: 2026-04-22

Assigner: GitHub, Inc.

Description
Glances is an open-source, cross-platform system monitoring tool. Prior to version 4.5.4, the Cassandra export module (`glances/exports/glances_cassandra/__init__.py`) interpolates the `keyspace`, `table`, and `replication_factor` configuration values directly into CQL statements without validation. A user with write access to `glances.conf` can redirect all monitoring data to an attacker-controlled Cassandra keyspace. Version 4.5.4 contains a fix.
Meta Information
Published: 2026-04-21
Last Modified: 2026-04-22
Generated: 2026-05-07
AI Q&A: 2026-04-21
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (1 associated CPE)
Vendor: nicolargo
Product: glances
Version / Range: all versions up to 4.5.4 (4.5.4 excluded)
CWE
CWE-89: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability arises from unsafe configuration values in the glances.conf file related to Cassandra export settings. Detection involves checking the configuration file for suspicious or malformed keyspace, table, or replication_factor values that do not conform to safe CQL identifier patterns.

Specifically, you should look for keyspace and table names that contain characters other than letters, digits, and underscores, or that do not start with a letter. Also, replication_factor should be a positive integer.

Since the vulnerability requires write access to glances.conf, inspecting this file for unexpected or malicious entries is a primary detection method.

  • Use grep or similar tools to find suspicious entries in glances.conf, for example:
      grep -E 'keyspace|table|replication_factor' /path/to/glances.conf
  • Check for invalid keyspace or table names that do not match the regex ^[a-zA-Z][a-zA-Z0-9_]*$ using commands like:
      grep -P 'keyspace\s*=\s*[^a-zA-Z][^\s]*' /path/to/glances.conf
  • Or write a small script to validate these identifiers against the regex pattern.

Additionally, monitoring unexpected network connections or data flows to unknown Cassandra keyspaces or tables controlled by an attacker may help detect exploitation.


What immediate steps should I take to mitigate this vulnerability?

The primary mitigation is to upgrade Glances to version 4.5.4 or later, where the vulnerability is fixed by validating configuration inputs.

If upgrading immediately is not possible, restrict write access to the glances.conf configuration file to trusted users only, preventing attackers from modifying keyspace, table, or replication_factor values.

Manually review and sanitize the Cassandra export configuration values in glances.conf to ensure they conform to safe CQL identifier patterns: keyspace and table names must start with a letter and contain only letters, digits, and underscores; replication_factor must be a positive integer.

Consider disabling the Cassandra export feature temporarily if it is not essential, to prevent potential exploitation.
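The identifier and positive-integer checks named in the detection and mitigation answers above, as an added example that is not Glances' own code: it assumes an INI-style glances.conf with a [cassandra] section holding keyspace, table and replication_factor keys, and reports every value that would fail the validation the advisory describes. The sample configurations are constructed.

```python
"""Check the Cassandra export section of a glances.conf for values that would
fail the identifier and positive-integer validation described in the advisory.
Added example, not Glances' own code; it assumes an INI-style [cassandra]
section holding keyspace, table and replication_factor keys."""
import configparser
import re

# Allowlist patterns from the advisory. Keyspace and table names are CQL
# identifiers, which cannot be bound as query parameters, so an allowlist
# check is what keeps them from being parsed as CQL syntax.
IDENT_RE = re.compile(r"^[a-zA-Z][a-zA-Z0-9_]*$")
POSITIVE_INT_RE = re.compile(r"^[1-9][0-9]*$")

def check_cassandra_export_config(conf_text: str) -> list[str]:
    """Return one finding per unsafe value; an empty list means the section
    is clean or the Cassandra export is not configured at all."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    if not parser.has_section("cassandra"):
        return []
    section = parser["cassandra"]
    findings = []
    for key in ("keyspace", "table"):
        value = section.get(key, "")
        if not IDENT_RE.match(value):
            findings.append(f"{key}={value!r} is not a safe CQL identifier")
    rf = section.get("replication_factor", "1")
    if not POSITIVE_INT_RE.match(rf):
        findings.append(f"replication_factor={rf!r} is not a positive integer")
    return findings

# Constructed sample configurations (not taken from any real deployment).
CLEAN_CONF = """[cassandra]
host=localhost
keyspace=glances
replication_factor=2
table=localhost
"""
SUSPECT_CONF = """[cassandra]
keyspace=monitoring-data
table=1stats
replication_factor=0
"""

if __name__ == "__main__":
    for name, text in (("clean", CLEAN_CONF), ("suspect", SUSPECT_CONF)):
        print(name, check_cassandra_export_config(text) or "OK")
```

Run it against a copy of the real file with `check_cassandra_export_config(open("/path/to/glances.conf").read())`; a non-empty list is the signal to review the values before upgrading.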


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability allows an attacker with write access to the configuration file to redirect sensitive monitoring data to an attacker-controlled Cassandra keyspace and table. This results in significant confidentiality and integrity breaches of monitoring data, which may include CPU, memory, network, and disk I/O statistics.

Such unauthorized data redirection and potential data exfiltration can lead to non-compliance with data protection regulations and standards like GDPR and HIPAA, which require strict controls over data confidentiality, integrity, and authorized access.

Because the vulnerability enables an attacker to silently capture and manipulate monitoring data, organizations using affected versions of Glances may face risks related to data privacy violations and failure to maintain data integrity, both critical aspects of these compliance frameworks.


Can you explain this vulnerability to me?

CVE-2026-35588 is a CQL injection vulnerability in the Cassandra export module of the Glances monitoring tool. Before version 4.5.4, the module interpolated configuration values for keyspace, table, and replication_factor directly into CQL statements without validation. This allowed an attacker with write access to the glances.conf configuration file to inject malicious CQL commands by specifying crafted values for these parameters.

The vulnerability arises because the configuration values are not sanitized or validated, enabling an attacker to redirect monitoring data to an attacker-controlled Cassandra keyspace and table. The fix introduced strict validation using regular expressions to ensure that keyspace and table names start with a letter and contain only letters, digits, and underscores, and that the replication factor is a positive integer.


How can this vulnerability impact me?

If exploited, this vulnerability allows an attacker with write access to the Glances configuration file to redirect all monitoring data (such as CPU, memory, network, and disk I/O statistics) to a Cassandra keyspace and table controlled by the attacker.

This can lead to significant confidentiality and integrity breaches because sensitive monitoring data can be exfiltrated or manipulated without detection. Additionally, legitimate monitoring data may be lost or corrupted, impacting the reliability of system monitoring.

