CVE-2026-30930 · CRITICAL 9.8 · EPSS percentile 28.1%


Description

Glances is an open-source, cross-platform system monitoring tool. Prior to version 4.5.1, its TimescaleDB export module built SQL queries by string concatenation from unsanitized system monitoring data. The normalize() method wrapped string values in single quotes but did not escape single quotes embedded in those values, so any monitored string that an attacker can influence (process names, filesystem mount points, network interface names, container names) could inject SQL into the export queries. This vulnerability is fixed in version 4.5.1.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.36% probability of exploitation · percentile 28.1% · 2026-06-18T12:00:27Z
Published: 2026-03-10
Last modified: 2026-04-29

Underlying weaknesses (1)

CWE-89

References

  1. https://github.com/nicolargo/glances/commit/39161f0d6fd723d83f534b48f24cdca722573336
  2. https://github.com/nicolargo/glances/releases/tag/v4.5.1
  3. https://github.com/nicolargo/glances/security/advisories/GHSA-x46r-mf5g-xpr6

Type: Weakness
Target: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (cwe-89)
Confidence: 0%
Tier: live

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.