Information disclosure in Nicolargo Glances
CVE-2026-30928
Glances is an open-source, cross-platform system monitoring tool. Prior to 4.5.1, the /api/4/config REST API endpoint returns the entire parsed Glances configuration file (glances.conf) via self.config.as_dict() with no filtering of sensiti…
Vulnerability class: Information Disclosure
EPSS: 0.067 (91.4th percentile)
Affected products
- Nicolargo Glances — versions < 4.5.1
Weakness classification (CWE)
References
- https://github.com/nicolargo/glances/security/advisories/GHSA-gh4x-f7cq-wwx6 (x_refsource_CONFIRM)
- https://github.com/nicolargo/glances/commit/306a7136154ba5c1531489c99f8306d84eae37da (x_refsource_MISC)
- https://github.com/nicolargo/glances/releases/tag/v4.5.1 (x_refsource_MISC)