CVE-2026-30930 — CRITICAL (9.8)

Q: How severe is CVE-2026-30930?

CVE-2026-30930 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2026-30930?

Check the references section above for vendor advisories and patch information. Affected products include: Nicolargo Glances.

Vulnerability Description

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize() method wraps string values in single quotes but does not escape embedded single quotes, making SQL injection trivial via attacker-controlled data such as process names, filesystem mount points, network interface names, or container names. This vulnerability is fixed in 4.5.1.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Nicolargo	Glances	< 4.5.1

Related Weaknesses (CWE)

CWE-89

References

FAQ

What is CVE-2026-30930?

CVE-2026-30930 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data...

How severe is CVE-2026-30930?

CVE-2026-30930 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2026-30930?

Check the references section above for vendor advisories and patch information. Affected products include: Nicolargo Glances.