Cyber Resilience

CVE-2026-30928

High · Public PoC

Published: 10 March 2026
Modified: 17 March 2026
KEV Added: not listed
Patch: fixed in 4.5.1
CVSS Score v4: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0166 (73.6th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-30928 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Nicolargo Glances. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 26.4% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and SI-15 (Information Output Filtering).

Deeper analysis

Glances is an open-source cross-platform system monitoring tool affected by an information disclosure vulnerability tracked as CVE-2026-30928. Prior to version 4.5.1, the /api/4/config REST API endpoint returns the full contents of the parsed glances.conf configuration file through an unfiltered call to self.config.as_dict(). This exposes all configured credentials, including database passwords, API tokens, JWT signing keys, and SSL key passwords, and is classified under CWE-200 with a CVSS 4.0 score of 8.7.

An unauthenticated remote attacker with network access to the API endpoint can retrieve the entire configuration and obtain credentials for backend services. The attack requires no user interaction or privileges, allowing direct extraction of sensitive values that could be used to compromise connected databases, APIs, or other infrastructure monitored by Glances.

The vulnerability is addressed in the 4.5.1 release, as noted in the GitHub security advisory GHSA-gh4x-f7cq-wwx6, the corresponding commit 306a7136154ba5c1531489c99f8306d84eae37da, and the v4.5.1 release tag. The EPSS score reached a peak of 0.0845 with a current value of 0.0667.

Vulnerability details

Glances is an open-source cross-platform system monitoring tool. Prior to 4.5.1, the /api/4/config REST API endpoint returns the entire parsed Glances configuration file (glances.conf) via self.config.as_dict() with no filtering of sensitive values. The configuration file contains credentials for all configured backend services including database passwords, API tokens, JWT signing keys, and SSL key passwords. This vulnerability is fixed in 4.5.1.

CWE(s)

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1552.001 Credentials In Files (Credential Access): Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

Unauthenticated access to the public /api/4/config endpoint exposes credentials from the on-disk glances.conf file, directly enabling T1190 (exploit of public-facing app) to achieve T1552.001 (credentials in files).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-32609 (same product: Nicolargo Glances)
CVE-2026-32596 (same product: Nicolargo Glances)
CVE-2026-32633 (same product: Nicolargo Glances)
CVE-2026-32611 (same product: Nicolargo Glances)
CVE-2026-30930 (same product: Nicolargo Glances)
CVE-2026-32610 (same product: Nicolargo Glances)
CVE-2026-35587 (same product: Nicolargo Glances)
CVE-2026-33641 (same product: Nicolargo Glances)
CVE-2026-32634 (same product: Nicolargo Glances)
CVE-2025-25729 (shared CWE-200)

Affected Assets

Vendor: nicolargo
Product: glances
Versions: ≤ 4.5.1

Mitigating Controls (NIST 800-53 r5, AI)

SI-15 Information Output Filtering (prevent): requires filtering of sensitive information prior to output, directly preventing exposure of unfiltered configuration credentials via the /api/4/config endpoint.

AC-14 Permitted Actions Without Identification or Authentication (prevent): limits permitted actions without identification or authentication, blocking unauthenticated remote access to sensitive configuration data.

SI-2 Flaw Remediation (prevent): mandates timely flaw remediation, such as patching Glances to 4.5.1, to eliminate the vulnerability exposing the configuration file.
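The failure mode described in the deeper analysis (a config endpoint that returns the parsed configuration unfiltered) and the two controls above (SI-15 output filtering and AC-14 authentication) can be modelled in a few lines of plain Python. The block below is an added example written for this page; it is not Glances code and does not reproduce the project's endpoint. The sample INI text, the section and key names, the sensitive-key pattern and the `handle_config_request` handler are all constructed assumptions for illustration.

```python
"""Unfiltered config dump beside its hardened form (example, not Glances code)."""
import configparser
import re

# Constructed sample configuration resembling a monitoring tool's INI file.
# Section and key names are assumptions for this example only.
SAMPLE_CONF = """\
[influxdb]
host=influx.internal
port=8086
user=glances
password=s3cret-db-pass

[web]
jwt_secret=example-signing-key-not-real
ssl_key_password=hunter2

[cpu]
careful=50
critical=90
"""

# Substring, case-insensitive match so that keys such as "ssl_key_password"
# and "api_token" are caught as well as plain "password" or "secret".
SENSITIVE_KEY_PATTERN = re.compile(
    r"(password|passwd|secret|token|api_key|apikey|private_key)", re.IGNORECASE
)
REDACTED = "***REDACTED***"


def load_config(text: str) -> configparser.ConfigParser:
    """Parse INI text into a ConfigParser (keys are lowercased by configparser)."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return cp


def config_as_dict(cp: configparser.ConfigParser) -> dict:
    """Unfiltered dump: every section and every value, credentials included.
    This is the shape of behaviour the advisory describes for the pre-4.5.1 endpoint."""
    return {section: dict(cp.items(section)) for section in cp.sections()}


def redact_config(conf: dict) -> dict:
    """Hardened form (SI-15 style output filtering): same structure, but any value
    whose key looks credential-like is replaced before it can leave the process."""
    return {
        section: {
            key: (REDACTED if SENSITIVE_KEY_PATTERN.search(key) else value)
            for key, value in values.items()
        }
        for section, values in conf.items()
    }


def leaked_secrets(conf: dict) -> list:
    """Regression check: list 'section.key' paths whose credential-like value is
    still present in a payload that is about to be returned to a caller."""
    return [
        f"{section}.{key}"
        for section, values in conf.items()
        for key, value in values.items()
        if SENSITIVE_KEY_PATTERN.search(key) and value != REDACTED
    ]


def handle_config_request(cp: configparser.ConfigParser, authenticated: bool):
    """Minimal model of the endpoint with both controls applied: unauthenticated
    callers are refused (AC-14), and even authenticated callers get the redacted
    view (SI-15). Returns an (http_status, body) pair; the handler is hypothetical."""
    if not authenticated:
        return 401, {"error": "authentication required"}
    return 200, redact_config(config_as_dict(cp))


if __name__ == "__main__":
    parsed = load_config(SAMPLE_CONF)
    print("leaked by unfiltered dump:", leaked_secrets(config_as_dict(parsed)))
    print("leaked after redaction:  ", leaked_secrets(redact_config(config_as_dict(parsed))))
    print("anonymous request:", handle_config_request(parsed, authenticated=False))
```

Running the block as a script prints the three credential paths that the unfiltered dump would expose, an empty list after redaction, and a 401 for the anonymous request. The `leaked_secrets` check is the part worth keeping in a test suite: it asserts on the payload an endpoint is about to serialise, so a future refactor that bypasses the redaction step fails a unit test rather than shipping.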
