437 matches found
CVE-2026-33466 Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write
Improper Limitation of a Pathname to a Restricted Directory CWE-22 in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal CAPEC-139. The archive extraction utilities used by Logstash do not properly validate file paths within compressed...
CVE-2026-33466
CVE-2026-33466 affects Logstash by improper limitation of a pathname to a restricted directory (CWE-22). The archive extraction utilities do not validate file paths inside archives, allowing a crafted archive served via an attacker-controlled update endpoint to write arbitrary files with Logstash...
CVE-2026-33466 Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write
Improper Limitation of a Pathname to a Restricted Directory CWE-22 in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal CAPEC-139. The archive extraction utilities used by Logstash do not properly validate file paths within compressed...
Logstash 8.19.14, 9.2.8, 9.3.3 Security Update (ESA-2026-29)
Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write Improper Limitation of a Pathname to a Restricted Directory CWE-22 in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal CAPEC-139. The...
PT-2026-31346
Name of the Vulnerable Software and Affected Versions Logstash affected versions not specified Description Logstash is susceptible to a flaw where improper validation of file paths within compressed archives can lead to arbitrary file write and potential remote code execution through Relative Pat...
Elastic Logstash 安全漏洞
Elastic Logstash is a set of log analysis and monitoring tools developed by the Dutch company Elastic. There is a security vulnerability in Elastic Logstash, which stems from improper path restrictions. This vulnerability could allow arbitrary file writes and remote code execution...
CLEANSTART-2026-FO41609 Security fixes for CVE-2025-48924, ghsa-22h5-pq3x-2gf2, ghsa-33mh-2634-fwr2, ghsa-4cx2-fc23-5wg6, ghsa-6xw4-3v39-52mm, ghsa-72hv-8253-57qq, ghsa-72qj-48g4-5xgx, ghsa-c2f4-jgmc-q2r5, ghsa-gh9q-2xrm-x6qv, ghsa-j288-q9x7-2f5v, ghsa-j4pr-3wm6-xx2r, ghsa-mhwm-jh88-3gjf, ghsa-mr3q-g2mv-mr4q, ghsa-p543-xpfm-54cp, ghsa-vc5p-v9hr-52mj, ghsa-vqg5-3255-v292, ghsa-w9pc-fmgc-vxvw, ghsa-wpv5-97wm-hp9c applied in versions: 8.19.12-r0, 9.0.8-r2, 9.0.8-r3, 9.0.8-r4, 9.3.0-r1, 9.3.0-r2
Multiple security vulnerabilities affect the logstash-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-JO97977 Security fixes for ghsa-22h5-pq3x-2gf2, ghsa-33mh-2634-fwr2, ghsa-4cx2-fc23-5wg6, ghsa-6xw4-3v39-52mm, ghsa-72hv-8253-57qq, ghsa-72qj-48g4-5xgx, ghsa-c2f4-jgmc-q2r5, ghsa-gh9q-2xrm-x6qv, ghsa-j4pr-3wm6-xx2r, ghsa-mhwm-jh88-3gjf, ghsa-mr3q-g2mv-mr4q, ghsa-p543-xpfm-54cp, ghsa-vc5p-v9hr-52mj, ghsa-vqg5-3255-v292, ghsa-w9pc-fmgc-vxvw, ghsa-wpv5-97wm-hp9c applied in versions: 9.0.8-r2, 9.0.8-r3, 9.0.8-r4, 9.3.0-r1, 9.3.0-r2
Multiple security vulnerabilities affect the logstash-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-GY92571 Security fixes for ghsa-22h5-pq3x-2gf2, ghsa-33mh-2634-fwr2, ghsa-4cx2-fc23-5wg6, ghsa-6xw4-3v39-52mm, ghsa-72hv-8253-57qq, ghsa-72qj-48g4-5xgx, ghsa-c2f4-jgmc-q2r5, ghsa-gh9q-2xrm-x6qv, ghsa-j4pr-3wm6-xx2r, ghsa-mhwm-jh88-3gjf, ghsa-mr3q-g2mv-mr4q, ghsa-p543-xpfm-54cp, ghsa-vc5p-v9hr-52mj, ghsa-vqg5-3255-v292, ghsa-w9pc-fmgc-vxvw, ghsa-wpv5-97wm-hp9c applied in versions: 9.0.8-r2, 9.0.8-r3, 9.0.8-r4, 9.3.0-r1, 9.3.0-r2
Multiple security vulnerabilities affect the logstash-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
Logstash 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-06)
Sensitive Information in Resource Not Removed Before Reuse in Logstash Leading to Access to Sensitive Information Dependency on Vulnerable Third-Party Component CWE-1395 exists in org.lz4:lz4-java decompression library used by logstash-integration-kafka plugin in Logstash that could allow an...
CLEANSTART-2026-XJ84245 Rack is a modular Ruby web server interface
Multiple security vulnerabilities affect the logstash-fips package. Rack is a modular Ruby web server interface. See references for individual vulnerability details...
CLEANSTART-2026-EW93264 Security fixes for GHSA-4CX2-FC23-5WG6, GHSA-6XW4-3V39-52MM, GHSA-72QJ-48G4-5XGX, GHSA-MR3Q-G2MV-MR4Q, GHSA-P543-XPFM-54CP, GHSA-VC5P-V9HR-52MJ, GHSA-VQG5-3255-V292 applied in versions: 9.0.8-r2, 9.0.8-r3, 9.0.8-r4, 9.3.0-r1, 9.3.0-r2
Multiple security vulnerabilities affect the logstash-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
GHSA-WHRJ-4476-WVMP vulnerabilities
Vulnerabilities for packages: ruby3.3-rack, kube-fluentd-operator, ruby3.3-rails, ruby4.0-rails, ruby3.4-rails, ruby3.2-rails, logstash, ruby4.0-rack, ruby3.4-rack, ruby3.2-rack...
GHSA-MXW3-3HH2-X2MH vulnerabilities
Vulnerabilities for packages: ruby3.3-rack, kube-fluentd-operator, ruby3.3-rails, ruby4.0-rails, ruby3.4-rails, ruby3.2-rails, logstash, ruby4.0-rack, ruby3.4-rack, ruby3.2-rack...
CVE-2026-25500 vulnerabilities
Vulnerabilities for packages: ruby3.3-rack, kube-fluentd-operator, ruby3.3-rails, ruby4.0-rails, ruby3.4-rails, ruby3.2-rails, logstash, ruby4.0-rack, ruby3.4-rack, ruby3.2-rack...
CVE-2026-22860 vulnerabilities
Vulnerabilities for packages: ruby3.3-rack, kube-fluentd-operator, ruby3.3-rails, ruby4.0-rails, ruby3.4-rails, ruby3.2-rails, logstash, ruby4.0-rack, ruby3.4-rack, ruby3.2-rack...
GHSA-72QJ-48G4-5XGX vulnerabilities
Vulnerabilities for packages: elasticsearch...
CVE-2025-46551 vulnerabilities
Vulnerabilities for packages: elasticsearch...
CVE-2021-22138
In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in...
CVE-2022-31520
The Luxas98/logstash-management-api repository through 2020-05-04 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...