CVE-2026-1436 in Web Interfaceinformación

Resumen

por MITRE • 2026-02-18

Improper Access Control (IDOR) in the Graylog API, version 2.2.3, which occurs when modifying the user ID in the URL. An authenticated user can access other user's profiles without proper authorization checks. Exploiting this vulnerability allows valid users of the system to be listed and sensitive third-party information to be accessed, such as names, email addresses, internal identifiers, and last activity. The endpoint 'http://:12900/users/' does not implement object-level authorization validations.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsable

INCIBE

Reservar

2026-01-26

Divulgación

2026-02-18

Moderación

aceptado

Artículo

VDB-346479

CPE

listo

EPSS

0.00212

KEV

no

Actividades

muy bajo

Fuentes

Do you want to use VulDB in your project?

Use the official API to access entries easily!