Graylog
by Graylog
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-37760 | | Cri | 0.64 | 9.8 | 0.01 | | Jul 31, 2021 | A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID). |
| CVE-2021-37759 | | Cri | 0.64 | 9.8 | 0.01 | | Jul 31, 2021 | A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID). |
| CVE-2026-1439 | | | 0.00 | — | 0.00 | | Feb 18, 2026 | Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding,… |
| CVE-2026-1436 | | | 0.00 | — | 0.00 | | Feb 18, 2026 | Improper Access Control (IDOR) in the Graylog API, version 2.2.3, which occurs when modifying the user ID in the URL. An authenticated user can access other user's profiles without proper authorization checks. Exploiting this vulnerability allows valid users of the system to be… |
| CVE-2014-9217 | | | 0.00 | — | 0.02 | | Dec 8, 2014 | Graylog2 before 0.92 allows remote attackers to bypass LDAP authentication via crafted wildcards. |