CVE-2026-1435 in Web Interfaceinformación

Resumen

por MITRE • 2026-02-18

Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers, which remain valid even after multiple consecutive logins by the same user. As a result, a stolen or leaked 'sessionId' can continue to be used to authenticate valid requests. Exploiting this vulnerability would allow an attacker with access to the web service/API network (port 9000 or HTTP/S endpoint of the server) to reuse an old session token to gain unauthorized access to the application, interact with the API/web, and compromise the integrity of the affected account.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Responsable

INCIBE

Reservar

2026-01-26

Divulgación

2026-02-18

Moderación

aceptado

Artículo

VDB-346477

CPE

listo

EPSS

0.00367

KEV

no

Actividades

muy bajo

Fuentes

Do you want to use VulDB in your project?

Use the official API to access entries easily!