CVE-2026-1436 in Web Interfaceinfo

Zusammenfassung

von MITRE • 18.02.2026

Improper Access Control (IDOR) in the Graylog API, version 2.2.3, which occurs when modifying the user ID in the URL. An authenticated user can access other user's profiles without proper authorization checks. Exploiting this vulnerability allows valid users of the system to be listed and sensitive third-party information to be accessed, such as names, email addresses, internal identifiers, and last activity. The endpoint 'http://:12900/users/' does not implement object-level authorization validations.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Zuständig

INCIBE

Reservieren

26.01.2026

Veröffentlichung

18.02.2026

Moderieren

akzeptiert

Eintrag

VDB-346479

CPE

bereit

EPSS

0.00212

KEV

nein

Aktivitäten

very low

Quellen

Do you want to use VulDB in your project?

Use the official API to access entries easily!