95 matches found
CVE-2026-21726
A flaw was found in Loki. A remote attacker can exploit a path traversal vulnerability by using double encoding on the namespace parameter after a single URL decode. This allows the attacker to read arbitrary files at the Ruler API endpoint, leading to information disclosure...
SUSE CVE-2026-21726
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...
Grafana Loki Path Traversal - CVE-2021-36156 Bypass
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...
GHSA-497X-RRR9-68JP Grafana Loki Path Traversal - CVE-2021-36156 Bypass
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...
EUVD-2026-23100
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...
CVE-2026-21726
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...
CVE-2026-21726 Loki Path Traversal - CVE-2021-36156 Bypass
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...
CVE-2026-21726
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...
CVE-2026-21726 Loki Path Traversal - CVE-2021-36156 Bypass
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...
CVE-2026-21726
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...
CVE-2026-21726
CVE-2026-21726 is a Grafana Loki path traversal vulnerability related to namespace parameter handling. The literature links it to the historic CVE-2021-36156 bypass in Loki’s path traversal, potentially allowing an attacker to read files via the Ruler API endpoint /loki/api/v1/rules/{namespace} a...
Grafana Loki 安全漏洞
Grafana Loki is an open-source log aggregation system developed by Grafana. There is a security vulnerability in Grafana Loki, which stems from insufficient validation of path traversal sequences. This vulnerability could allow attackers to read Ruler API endpoint files through double-encryption...
CLEANSTART-2026-CG86499 Security fixes for CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186 applied in versions: 3.6.5-r0
Multiple security vulnerabilities affect the fluent-bit-plugin-loki package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-32285 vulnerabilities
Vulnerabilities for packages: grafana-beyla, eksctl, terragrunt-fips, commercial-grafana, influxd, rclone, grafana-fips, weaviate, chainloop-cli-fips, prometheus-fips, vcluster, cri-tools, mcp-grafana-fips, grafana-alloy-fips, k3s, malcontent, teleport, chainloop-cli, loki-fips, k8sgpt,...
CVE-2026-32285 vulnerabilities
Vulnerabilities for packages: mcp-grafana, terraform-mcp-server, redpanda, grafana-alloy, opentelemetry-collector, datadog-agent, weaviate, k8sgpt, maru, grafana, vcluster, minio, goreleaser, eksctl, rclone, k3s, lazygit, nfpm, nuclei, prometheus, dgraph, gitlab-runner,...
GHSA-FW7P-63QQ-7HPR vulnerabilities
Vulnerabilities for packages: agentbeat, kyverno-policy-reporter-fips, seaweedfs, juicefs, apko, step-ca-fips, keda, openfga-fips, kyverno-fips, spicedb-fips, sqlexporter-fips, keda-fips, dex, vault, sops-fips, dex-fips, trillian-fips, splunk-otel-collector, vault-fips, fulcio-fips,...
GHSA-FW7P-63QQ-7HPR vulnerabilities
Vulnerabilities for packages: croc, apko, keda, juicefs, openbao, spicedb, flux-kustomize-controller, telegraf, sops, temporal, temporal-server, nri-mysql, gitea, grafana-alloy, certificate-transparency, crossplane-provider-sql, tailscale, trufflehog, amass, kyverno, age, minio, step-ca, kine,...
SUSE-SU-2026:0327-1 Security update for alloy
This update for alloy fixes the following issues: Update to 1.12.2: Security fixes: - CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via unbounded recursion bsc1255333: - CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: github.com/opencontainers/runc: Fixed container...
PT-2026-21013
Уязвимость прикладного программного интерфейса системы для агрегации и хранения логов Loki связана с неверным ограничением имени пути к каталогу. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации с помощью...
Grafana Loki Path Traversal - CVE-2021-36156 Bypass
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...