CVE-2026-33466 in Logstashالمعلومات

الملخص

بحسب MITRE • 08/04/2026

Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal (CAPEC-139). The archive extraction utilities used by Logstash do not properly validate file paths within compressed archives. An attacker who can serve a specially crafted archive to Logstash through a compromised or attacker-controlled update endpoint can write arbitrary files to the host filesystem with the privileges of the Logstash process. In certain configurations where automatic pipeline reloading is enabled, this can be escalated to remote code execution.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

Elastic

حجز

20/03/2026

إفشاء

08/04/2026

الاعتدال

تمت الموافقة

إدخال

VDB-356301

CPE

جاهز

CWE

CWE-22 (مؤكد)

CVSS

8.1 (CNA)

EPSS

0.00597

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-33466
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-33466
CVE Details	https://www.cvedetails.com/cve/CVE-2026-33466/

التالي ▸نظرة عامة ◂ السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!