NIXPKGS-2026-0583

GitHub issue published on 11 Mar 2026

Permalink CVE-2026-30928

updated 4 days, 3 hours ago by @mweinelt Activity log

Created automatic suggestion 4 days, 11 hours ago
@mweinelt removed
5 packages
- python312Packages.glances-api
- python313Packages.glances-api
- python314Packages.glances-api
- home-assistant-component-tests.glances
- tests.home-assistant-component-tests.glances
4 days, 3 hours ago
@mweinelt accepted 4 days, 3 hours ago
@mweinelt published on GitHub 4 days, 3 hours ago

Glances Exposes Unauthenticated Configuration Secrets

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the /api/4/config REST API endpoint returns the entire parsed Glances configuration file (glances.conf) via self.config.as_dict() with no filtering of sensitive values. The configuration file contains credentials for all configured backend services including database passwords, API tokens, JWT signing keys, and SSL key passwords. This vulnerability is fixed in 4.5.1.

References

https://github.com/nicolargo/glances/security/advisories/GHSA-gh4x-f7cq-wwx6 x_refsource_CONFIRM
https://github.com/nicolargo/glances/commit/306a7136154ba5c1531489c99f8306d84eae37da x_refsource_MISC
https://github.com/nicolargo/glances/releases/tag/v4.5.1 x_refsource_MISC

Affected products

glances

==< 4.5.1

Matching in nixpkgs

pkgs.glances

Cross-platform curses-based monitoring tool

nixos-unstable 4.5.0.5
- nixpkgs-unstable 4.5.0.5
- nixos-unstable-small 4.5.0.5
nixos-25.11 4.3.3
- nixos-25.11-small 4.3.3
- nixpkgs-25.11-darwin 4.3.3

Ignored packages (5)

pkgs.python312Packages.glances-api

Python API for interacting with Glances

nixos-25.11 0.9.0
- nixos-25.11-small 0.9.0
- nixpkgs-25.11-darwin 0.9.0

pkgs.python313Packages.glances-api

Python API for interacting with Glances

nixos-unstable 0.9.0
- nixpkgs-unstable 0.9.0
- nixos-unstable-small 0.9.0
nixos-25.11 0.9.0
- nixos-25.11-small 0.9.0
- nixpkgs-25.11-darwin 0.9.0

pkgs.python314Packages.glances-api

Python API for interacting with Glances

nixos-unstable 0.9.0
- nixpkgs-unstable 0.9.0
- nixos-unstable-small 0.9.0

pkgs.home-assistant-component-tests.glances

Open source home automation that puts local control and privacy first

nixos-25.11 2025.11.3
- nixos-25.11-small 2025.11.3
- nixpkgs-25.11-darwin 2025.11.3

pkgs.tests.home-assistant-component-tests.glances

Open source home automation that puts local control and privacy first

nixos-unstable 2026.2.3
- nixpkgs-unstable 2026.2.3
- nixos-unstable-small 2026.2.3

Package maintainers

@primeos Michael Weiss <dev.primeos@gmail.com>
@k0ral Koral <koral@mailoo.org>

https://github.com/nicolargo/glances/security/advisories/GHSA-gh4x-f7cq-wwx6
https://github.com/nicolargo/glances/commit/306a7136154ba5c1531489c99f8306d84eae37da

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0583

References

Affected products

Matching in nixpkgs

pkgs.glances

pkgs.python312Packages.glances-api

pkgs.python313Packages.glances-api

pkgs.python314Packages.glances-api

pkgs.home-assistant-component-tests.glances

pkgs.tests.home-assistant-component-tests.glances

Package maintainers