CVE-2026-1436 in Web Interfaceinformação

Sumário

de MITRE • 18/02/2026

Improper Access Control (IDOR) in the Graylog API, version 2.2.3, which occurs when modifying the user ID in the URL. An authenticated user can access other user's profiles without proper authorization checks. Exploiting this vulnerability allows valid users of the system to be listed and sensitive third-party information to be accessed, such as names, email addresses, internal identifiers, and last activity. The endpoint 'http://:12900/users/' does not implement object-level authorization validations.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsável

INCIBE

Reservar

26/01/2026

Divulgação

18/02/2026

Moderação

aceite

Entrada

VDB-346479

CPE

pronto

EPSS

0.00212

KEV

não

Atividades

muito baixo

Fontes

Interested in the pricing of exploits?

See the underground prices here!