CVE-2026-30928
Published: 10 March 2026
Summary
CVE-2026-30928 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Nicolargo Glances. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 8.9% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and SI-15 (Information Output Filtering).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-15 (Information Output Filtering): requires filtering of sensitive information prior to output, directly preventing exposure of unfiltered configuration credentials via the /api/4/config endpoint.
- AC-14 (Permitted Actions Without Identification or Authentication): limits the actions permitted without identification or authentication, blocking unauthenticated remote access to sensitive configuration data.
- SI-2 (Flaw Remediation): mandates timely flaw remediation, such as patching Glances to 4.5.1, to eliminate the vulnerability exposing the configuration file.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated access to the public /api/4/config endpoint exposes credentials stored in the on-disk glances.conf file. That maps directly to T1190 (Exploit Public-Facing Application) as the access vector and T1552.001 (Unsecured Credentials: Credentials In Files) as the outcome.
NVD Description
Glances is an open-source cross-platform system monitoring tool. Prior to 4.5.1, the /api/4/config REST API endpoint returns the entire parsed Glances configuration file (glances.conf) via self.config.as_dict() with no filtering of sensitive values. The configuration file contains credentials for all configured backend services, including database passwords, API tokens, JWT signing keys, and SSL key passwords. This vulnerability is fixed in 4.5.1.
Deeper analysis
CVE-2026-30928 affects Glances, an open-source cross-platform system monitoring tool, in versions prior to 4.5.1. The vulnerability resides in the /api/4/config REST API endpoint, which exposes the entire parsed Glances configuration file (glances.conf) through the self.config.as_dict() method without any filtering of sensitive values. This configuration file may contain credentials for backend services, such as database passwords, API tokens, JWT signing keys, and SSL key passwords. Rated at CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and mapped to CWE-200 (Exposure of Sensitive Information), the issue was published on 2026-03-10.
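The root cause described above is that a parsed configuration mapping is serialized to an API response with no output filtering (the SI-15 control named earlier). The following added example, which is not code from the Glances project or its fix commit, shows what such a filter looks like: it walks a nested {section: {option: value}} mapping of the shape an INI-style glances.conf would parse into (that shape is an assumption) and redacts every value whose option name matches a sensitive-name pattern. The sample configuration, the key patterns, and the function names are constructed for illustration.

```python
import re
from copy import deepcopy

# Option-name patterns treated as sensitive. The names are assumptions drawn
# from the advisory's list (database passwords, API tokens, JWT signing keys,
# SSL key passwords); extend the pattern for your own deployment.
SENSITIVE_KEY_RE = re.compile(
    r"(password|passwd|secret|token|api[_-]?key|signing[_-]?key|private[_-]?key)",
    re.IGNORECASE,
)
REDACTED = "***REDACTED***"

# Constructed sample mirroring the {section: {option: value}} shape of a
# parsed INI-style configuration. Not a real glances.conf; values are dummies.
SAMPLE_CONFIG = {
    "global": {"refresh": "2", "check_update": "true"},
    "influxdb": {"host": "db.internal", "port": "8086",
                 "user": "glances", "password": "db-pass-example"},
    "restful": {"host": "0.0.0.0", "port": "61208",
                "jwt_signing_key": "jwt-secret-example"},
    "ssl": {"certfile": "/etc/glances/server.crt",
            "keyfile_password": "ssl-pass-example"},
}


def redact_sensitive(config, redacted=REDACTED):
    """Return a deep copy of a nested config mapping in which every value
    whose option name matches SENSITIVE_KEY_RE is replaced by a fixed
    marker. Non-sensitive values and the overall structure are unchanged,
    so the result can be serialized in place of the raw mapping."""
    def _walk(node):
        if isinstance(node, dict):
            return {k: (redacted if SENSITIVE_KEY_RE.search(str(k)) else _walk(v))
                    for k, v in node.items()}
        if isinstance(node, list):
            return [_walk(v) for v in node]
        return node
    return _walk(deepcopy(config))


def leaked_secrets(config):
    """List (section, option) pairs that would be disclosed if the mapping
    were returned unfiltered. Useful as a pre-deployment check against a
    parsed configuration."""
    return [(section, key)
            for section, options in config.items() if isinstance(options, dict)
            for key in options if SENSITIVE_KEY_RE.search(str(key))]


if __name__ == "__main__":
    import json
    print(json.dumps(redact_sensitive(SAMPLE_CONFIG), indent=2))
    print("would leak if unfiltered:", leaked_secrets(SAMPLE_CONFIG))
```

Redaction by option name is a deliberate choice over redaction by value: it does not depend on recognizing what a secret looks like, and it fails safe when a new option with a recognizable name (for example `mqtt_password`) is added later. The cost is that a secret stored under an unusual name is missed, which is why `leaked_secrets` exists as a review aid rather than relying on the filter alone.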
Any unauthenticated remote attacker with network access to a Glances instance can exploit this by sending a request to the /api/4/config endpoint, retrieving the full configuration dictionary and thereby obtaining sensitive credentials. Successful exploitation requires no privileges or user interaction, enabling high-impact confidentiality breaches, such as unauthorized access to integrated databases, APIs, or other services configured in Glances.
The vulnerability is addressed in Glances version 4.5.1, as detailed in the project's security advisory (GHSA-gh4x-f7cq-wwx6), release notes, and the fixing commit (306a7136154ba5c1531489c99f8306d84eae37da). Security practitioners should upgrade to 4.5.1 or later and review exposed API endpoints for similar misconfigurations.
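For defenders who need to triage exposure rather than read code, the following added example (not part of this advisory or of the Glances project) does two things: it compares an installed Glances version string against the 4.5.1 fix version, and it scans reverse-proxy access log lines for requests to /api/4/config that were actually served, so that a disclosure can be distinguished from a blocked probe. The Combined Log Format layout, the log lines and the IP addresses are constructed samples; the field layout is an assumption about whatever proxy fronts the Glances server.

```python
import re
from collections import Counter

# Version in which the advisory states the issue is fixed.
FIXED_VERSION = (4, 5, 1)


def parse_version(version):
    """Turn a version string such as '4.4.0' into a comparable tuple.
    Only the first three numeric components are considered."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    return tuple(parts) if parts else (0,)


def is_vulnerable_version(version):
    """True when the given Glances version predates the 4.5.1 fix."""
    return parse_version(version) < FIXED_VERSION


# Constructed access log lines in Combined Log Format. Addresses are from
# documentation ranges and the timestamps/users agents are invented.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2026:08:14:02 +0000] "GET /api/4/cpu HTTP/1.1" 200 512 "-" "curl/8.5.0"
203.0.113.7 - - [10/Mar/2026:08:14:03 +0000] "GET /api/4/config HTTP/1.1" 200 4096 "-" "curl/8.5.0"
198.51.100.4 - - [10/Mar/2026:08:15:10 +0000] "GET /api/4/config?x=1 HTTP/1.1" 200 4096 "-" "python-requests/2.31"
192.0.2.10 - - [10/Mar/2026:08:16:00 +0000] "GET /api/4/config HTTP/1.1" 401 0 "-" "curl/8.5.0"
198.51.100.4 - - [10/Mar/2026:08:17:22 +0000] "GET /api/4/mem HTTP/1.1" 200 300 "-" "python-requests/2.31"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def find_config_reads(log_text):
    """Return (ip, timestamp, status) for every request whose path is
    /api/4/config, query string ignored. Lines that do not match the
    expected layout are skipped rather than raising."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        if m["path"].split("?", 1)[0] == "/api/4/config":
            hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits


def served_reads_by_ip(hits):
    """Count, per source IP, the config requests that received a 2xx status.
    Those are the events that indicate an actual configuration disclosure;
    a 401 or 403 means the endpoint was reached but nothing was returned."""
    return Counter(ip for ip, _, status in hits if 200 <= status < 300)


if __name__ == "__main__":
    for v in ("4.4.0", "4.5.0", "4.5.1", "4.10.2"):
        print(v, "vulnerable" if is_vulnerable_version(v) else "fixed")
    hits = find_config_reads(SAMPLE_LOG)
    print("config requests:", hits)
    print("served disclosures per IP:", dict(served_reads_by_ip(hits)))
```

If the counter is non-empty on a host that was running a version before 4.5.1, treat every credential in that host's glances.conf as exposed and rotate it, in addition to upgrading; patching alone does not revoke what was already read.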
Details
- CWE(s): CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor)