CVE-2026-1436 in Web Interfaceالمعلومات

الملخص

بحسب MITRE • 18/02/2026

Improper Access Control (IDOR) in the Graylog API, version 2.2.3, which occurs when modifying the user ID in the URL. An authenticated user can access other user's profiles without proper authorization checks. Exploiting this vulnerability allows valid users of the system to be listed and sensitive third-party information to be accessed, such as names, email addresses, internal identifiers, and last activity. The endpoint 'http://:12900/users/' does not implement object-level authorization validations.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

مسؤول

INCIBE

حجز

26/01/2026

إفشاء

18/02/2026

الاعتدال

تمت الموافقة

إدخال

VDB-346479

EPSS

0.00212

KEV

لا

النشاطات

منخفض جدًا

المصادر

Might our Artificial Intelligence support you?

Check our Alexa App!