257 matches found
GHSA-XV9W-7V6Q-HPJH fluent-plugin-s3 Vulnerable to Denial of Service (DoS) via Decompression Bomb in `in_s3`
The fluent-plugin-s3 plugin specifically the ins3 input plugin supports reading and decompressing heavily compressed files such as gzip, lzma2, and lzop from Amazon S3. It was discovered that the plugin read the entire decompressed payload into memory at once without enforcing a strict size limit...
GHSA-72F5-RR8C-R6GR Fluentd is Vulnerable to Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http`
The outhttp output plugin allows the use of placeholders such as $tag in the endpoint configuration parameter. It was discovered that if the placeholder value is derived from untrusted user input, an attacker can maliciously control the destination hostname of the outbound HTTP requests made by...
GHSA-J9CW-HWQF-85W7 Fluentd is Vulnerable to Denial of Service (DoS) via Gzip Decompression Bomb in `in_http` and `in_forward`
Fluentd's inhttp and inforward plugins support receiving gzip-compressed data. While Fluentd correctly enforces size limits on the incoming compressed payloads e.g., via bodysizelimit or chunksizelimit, it was discovered that there is no limit enforced on the size of the decompressed data. If a...
GHSA-PR7J-96CJ-549H Fluentd is Vulnerable to Exposure of Sensitive Information via Monitor Agent API
Fluentd's Monitor Agent plugin inmonitoragent exposes internal metrics and plugin information via a REST API. It was discovered that the API response /api/plugins.json and related endpoints unintentionally includes internal instance variables of loaded plugins. If any plugins store sensitive...
GHSA-44HJ-4M45-FRJ3 Fluentd is Vulnerable to Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder
Fluentd allows dynamically constructing file paths using the $tag placeholder. It was discovered that validation for this placeholder was insufficient. If a Fluentd instance is configured to receive logs from untrusted sources and uses the $tag placeholder in file configurations such as the path...
PT-2026-53002
Name of the Vulnerable Software and Affected Versions Fluentd versions prior to 1.19.3 Description Insufficient validation of the $tag placeholder allows for the dynamic construction of file paths that can be manipulated. If an instance is configured to receive logs from untrusted sources and use...
PT-2026-53005
The out http output plugin allows the use of placeholders such as $tag in the endpoint configuration parameter. It was discovered that if the placeholder value is derived from untrusted user input, an attacker can maliciously control the destination hostname of the outbound HTTP requests made by...
CVE-2026-54905 vulnerabilities
Vulnerabilities for packages: ruby4.0-fluentd-kubernetes-daemonset, ruby4.0-rails, ruby3.3-fluentd-kubernetes-daemonset, kube-logging-operator, ruby3.4-rails, ruby3.4-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby3.2-rails, ruby3.3-rails, kube-fluentd-operator...
GHSA-6WX8-W4F5-WWCR vulnerabilities
Vulnerabilities for packages: ruby4.0-fluentd-kubernetes-daemonset, ruby4.0-rails, ruby3.3-fluentd-kubernetes-daemonset, kube-logging-operator, ruby3.4-rails, ruby3.4-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby3.2-rails, ruby3.3-rails, kube-fluentd-operator...
CVE-2026-54906 vulnerabilities
Vulnerabilities for packages: ruby4.0-fluentd-kubernetes-daemonset, ruby4.0-rails, ruby3.3-fluentd-kubernetes-daemonset, kube-logging-operator, ruby3.4-rails, ruby3.4-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby3.2-rails, ruby3.3-rails, kube-fluentd-operator...
CVE-2026-54904 vulnerabilities
Vulnerabilities for packages: ruby4.0-fluentd-kubernetes-daemonset, ruby4.0-rails, ruby3.3-fluentd-kubernetes-daemonset, kube-logging-operator, ruby3.4-rails, ruby3.4-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby3.2-rails, ruby3.3-rails, kube-fluentd-operator...
GHSA-WV3X-4VXV-WHPP vulnerabilities
Vulnerabilities for packages: ruby4.0-fluentd-kubernetes-daemonset, ruby4.0-rails, ruby3.3-fluentd-kubernetes-daemonset, kube-logging-operator, ruby3.4-rails, ruby3.4-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby3.2-rails, ruby3.3-rails, kube-fluentd-operator...
GHSA-H8W8-99G7-QMVJ vulnerabilities
Vulnerabilities for packages: ruby4.0-fluentd-kubernetes-daemonset, ruby4.0-rails, ruby3.3-fluentd-kubernetes-daemonset, kube-logging-operator, ruby3.4-rails, ruby3.4-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby3.2-rails, ruby3.3-rails, kube-fluentd-operator...
GHSA-98M9-HRRM-R99R vulnerabilities
Vulnerabilities for packages: gitlab-cng, gitlab-rails-ce, kube-logging-operator, cinc-auditor, ruby3.3-faraday, logstash, kube-fluentd-operator, gitlab-rails-ce-fips, logstash-fips...
CVE-2026-54297 vulnerabilities
Vulnerabilities for packages: gitlab-cng, gitlab-rails-ce, kube-logging-operator, cinc-auditor, ruby3.3-faraday, logstash, kube-fluentd-operator, gitlab-rails-ce-fips, logstash-fips...
CVE-2026-32282 vulnerabilities
Vulnerabilities for packages: prometheus, aws-flb-kinesis, telegraf, aactl, cert-manager, kubernetes, cilium-envoy, k3s, kube-fluentd-operator, datadog-agent, fscrypt, redka, kyverno, cilium-cli, gitlab-kas, kine, prometheus-operator, coredns, libnvidia-container, zot, nerdctl, kots, net-kourier,...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: tofu-controller, kube-vip, kubernetes-csi-external-resizer, metacontroller, crane, terraform-mcp-server, harbor-scanner-trivy, nri-haproxy, helm-mapkubeapis, victoriametrics, nova, coredns, rancher-fleet, oras, syft, wgcf, kubebuilder, logstash-exporter, cilium,...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: migrate, telegraf, tofu-controller, cloud-provider-vsphere, kube-state-metrics, kube-vip, policy-controller, spqr, volume-modifier-for-k8s, kubernetes-csi-external-resizer, rancher-agent, rclone, flux-source-controller, datadog-agent, flux-notification-controller,...
CLEANSTART-2026-HZ73294 Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service
Multiple security vulnerabilities affect the kube-fluentd-operator package. Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. See references for individual...
CLEANSTART-2026-SQ68600 Security fixes for CVE-2023-45288, CVE-2024-24786, CVE-2024-45338, CVE-2025-22868, CVE-2025-22869, CVE-2025-22872, CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2025-65637, ghsa-4f99-4q7p-p3gh, ghsa-4v7x-pqxf-cx7m, ghsa-6v2p-p543-phr9, ghsa-8r3f-844c-mc37, ghsa-f6x5-jh6r-wrfv, ghsa-hcg3-q754-cr77, ghsa-j5w8-q4qc-rx2x, ghsa-qxp5-gwg8-xv66, ghsa-v778-237x-gjrc, ghsa-vvgc-356p-c3xw applied in versions: 1.18.2-r0
Multiple security vulnerabilities affect the kube-fluentd-operator package. These issues are resolved in later releases. See references for individual vulnerability details...