SB2026042159 - SQL injection in glances


Published: April 21, 2026

Security Bulletin ID: SB2026042159
CSH Severity: Low
Patch available: Yes
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Code execution

Breakdown by Severity

Low: 100% (Medium: 0%, High: 0%, Critical: 0%)

Description

This security bulletin contains information about 1 vulnerability.


1) SQL injection (CVE-ID: CVE-2026-35588)

The vulnerability allows a local user who can write to glances.conf (a privileged user in the usual deployment) to disclose sensitive information and redirect where monitoring data is exported.

The vulnerability exists due to improper neutralization of special elements in CQL statements in the Cassandra export module. The keyspace, table, and replication_factor values read from glances.conf are interpolated into the CQL statements the module issues when it creates the keyspace and table it writes to, without being checked against the grammar of a CQL identifier or an integer. A crafted value therefore changes the structure of the statement rather than just its name or number. Because identifiers and DDL options cannot be bound as CQL query parameters, the fix must validate these values before they reach a statement.

The issue can silently redirect exported CPU, memory, network, and disk I/O data to an attacker-controlled Cassandra keyspace, with no error reported by glances.
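The following is an added illustration of the flaw class the bulletin describes and of the corresponding hardening; it is not code from glances or from this bulletin. The two "vulnerable" builders are hypothetical reconstructions of the string-interpolation pattern, the "hardened" builders apply the allow-list check a fix would need, and audit_cassandra_section() lets an operator check an existing glances.conf. The [cassandra] section layout, key names other than the three the bulletin names, and the tampered values are constructed for the example.

```python
import configparser
import re

# Cassandra accepts unquoted identifiers of the form [a-zA-Z][a-zA-Z0-9_]* and limits
# keyspace/table names to 48 characters; anything outside that is refused here.
IDENTIFIER_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]{0,47}")
POSITIVE_INT_RE = re.compile(r"[1-9][0-9]*")


class UnsafeConfigValue(ValueError):
    """Raised when a glances.conf value would alter the structure of a CQL statement."""


def vulnerable_create_keyspace(keyspace, replication_factor):
    # Hypothetical reconstruction of the flaw class: config values are pasted into
    # CQL by string interpolation, so a value containing CQL syntax rewrites the DDL.
    return (
        "CREATE KEYSPACE %s WITH replication = "
        "{ 'class': 'SimpleStrategy', 'replication_factor': '%s' }"
        % (keyspace, replication_factor)
    )


def vulnerable_create_table(table):
    # Same pattern for the table name (hypothetical, not the project's statement).
    return (
        "CREATE TABLE %s (plugin text, time timeuuid, stat map<text,float>, "
        "PRIMARY KEY (plugin, time)) WITH CLUSTERING ORDER BY (time DESC)" % table
    )


def safe_identifier(value, what):
    if not IDENTIFIER_RE.fullmatch(value):
        raise UnsafeConfigValue(f"{what}={value!r} is not a plain CQL identifier")
    return value


def safe_replication_factor(value):
    if not POSITIVE_INT_RE.fullmatch(value):
        raise UnsafeConfigValue(f"replication_factor={value!r} is not a positive integer")
    return int(value)


def hardened_create_keyspace(keyspace, replication_factor):
    # CQL cannot bind identifiers or DDL options as query parameters, so the fix is
    # a strict allow-list on each value before it is interpolated.
    ks = safe_identifier(keyspace, "keyspace")
    rf = safe_replication_factor(replication_factor)
    return (
        "CREATE KEYSPACE %s WITH replication = "
        "{ 'class': 'SimpleStrategy', 'replication_factor': '%d' }" % (ks, rf)
    )


def hardened_create_table(table):
    return vulnerable_create_table(safe_identifier(table, "table"))


def audit_cassandra_section(config_text):
    """Return {key: reason} for every [cassandra] value the hardened builders reject."""
    parser = configparser.ConfigParser()
    parser.read_string(config_text)
    if not parser.has_section("cassandra"):
        return {}
    section = parser["cassandra"]
    checks = {
        "keyspace": lambda v: safe_identifier(v, "keyspace"),
        "table": lambda v: safe_identifier(v, "table"),
        "replication_factor": safe_replication_factor,
    }
    findings = {}
    for key, check in checks.items():
        if key in section:
            try:
                check(section[key])
            except UnsafeConfigValue as exc:
                findings[key] = str(exc)
    return findings


# Constructed sample: a [cassandra] section in glances.conf layout. The keyspace value
# ends in a CQL line-comment marker so the rest of the statement is ignored, and the
# replication_factor value closes the option map early. Both are attacker-chosen.
TAMPERED_CONFIG = """
[cassandra]
host=localhost
port=9042
keyspace=attacker_ks WITH replication = { 'class': 'SimpleStrategy', 'replication_factor': '1' } --
replication_factor=1' } AND durable_writes = false --
table=localhost
"""

if __name__ == "__main__":
    cfg = configparser.ConfigParser()
    cfg.read_string(TAMPERED_CONFIG)
    sec = cfg["cassandra"]
    print(vulnerable_create_keyspace(sec["keyspace"], sec["replication_factor"]))
    for key, reason in audit_cassandra_section(TAMPERED_CONFIG).items():
        print(f"REJECTED {key}: {reason}")
```

Running the block prints the statement the vulnerable builder would send (the keyspace is now attacker_ks and everything after the injected comment marker is dead text) and then the two config keys the audit rejects. To use the audit on a real installation, pass the contents of glances.conf to audit_cassandra_section(); an empty result means the three values are a plain identifier, a plain identifier, and a positive integer respectively.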


Remediation

Install the fixed version from the vendor's website. Until the update is applied, restrict write access to glances.conf to the account that runs glances, and check that the keyspace and table values in its [cassandra] section are plain identifiers and that replication_factor is a plain integer, since any CQL syntax in those values is passed through to the database.