Lucene search
+L

6 matches found

Cvelist
Cvelist
added 2026/07/08 9:20 p.m.36 views

CVE-2026-44024 Fluentd: Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd allows dynamically constructing file paths using the $tag placeholder, and insufficient validation of $tag in file configurations such as the path...

9.8CVSS0.01085EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/26 4:32 p.m.8 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the path parameter in output plugins when using the $tag placeholder. An attacker can overwrite arbitrary files or inject malicious content by sending specially crafted log entries containing path traversal...

9.8CVSS6.1AI score0.01085EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 4:32 p.m.5 views

GHSA-44HJ-4M45-FRJ3 Fluentd is Vulnerable to Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder

Fluentd allows dynamically constructing file paths using the $tag placeholder. It was discovered that validation for this placeholder was insufficient. If a Fluentd instance is configured to receive logs from untrusted sources and uses the $tag placeholder in file configurations such as the path...

9.8CVSS6.1AI score0.01085EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/26 4:32 p.m.11 views

Fluentd is Vulnerable to Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder

Fluentd allows dynamically constructing file paths using the $tag placeholder. It was discovered that validation for this placeholder was insufficient. If a Fluentd instance is configured to receive logs from untrusted sources and uses the $tag placeholder in file configurations such as the path...

9.8CVSS6.1AI score0.01085EPSS
Exploits0References3Affected Software1
RubySec
RubySec
added 2026/06/26 12:0 a.m.6 views

Fluentd is Vulnerable to Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder

Fluentd allows dynamically constructing file paths using the $tag placeholder. It was discovered that validation for this placeholder was insufficient. If a Fluentd instance is configured to receive logs from untrusted sources and uses the $tag placeholder in file configurations such as the path...

9.8CVSS6.1AI score0.01085EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.18 views

PT-2026-53002

Name of the Vulnerable Software and Affected Versions Fluentd versions prior to 1.19.3 Description Insufficient validation of the $tag placeholder allows for the dynamic construction of file paths that can be manipulated. If an instance is configured to receive logs from untrusted sources and use...

9.8CVSS6.1AI score0.01085EPSS
Exploits0References18
Rows per page
Query Builder