Lucene search
K

7 matches found

CVE
CVE
added last week92 views

CVE-2026-44024

CVE-2026-44024 affects Fluentd. The issue arises when file paths are dynamically constructed via the ${tag} placeholder in configurations (notably in the out_file plugin). Insufficient validation of ${tag} with untrusted tags can introduce path traversal, enabling an attacker to write or overwrit...

9.8CVSS7.6AI score0.01085EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added last week36 views

CVE-2026-44024 Fluentd: Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd allows dynamically constructing file paths using the $tag placeholder, and insufficient validation of $tag in file configurations such as the path...

9.8CVSS0.01085EPSS
Exploits0References4
Redos
Redos
added 2026/03/19 12:0 a.m.7 views

ROS-20260319-73-0009

A vulnerability in the outfile plugin of the Fluent Bit logging tool is related to an incorrect directory path name restriction. Exploitation of the vulnerability could allow an attacker acting remotely to write an arbitrary file outside the target directory...

5.3CVSS5.9AI score0.00666EPSS
Exploits0
OSV
OSV
added 2025/12/01 8:38 p.m.5 views

BIT-FLUENT-BIT-2025-12972 CVE-2025-12972

Fluent Bit outfile plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause...

5.3CVSS6.9AI score0.00666EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/24 3:30 p.m.14 views

EUVD-2025-198810

Fluent Bit outfile plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause...

5.3CVSS6.4AI score0.00666EPSS
Exploits0References2
CVE
CVE
added 2025/11/24 2:40 p.m.30 views

CVE-2025-12972

CVE-2025-12972 affects Fluent Bit, specifically the out_file plugin. When the File option is omitted, untrusted tag input is used to build output file paths, and tags containing path traversal sequences can cause files to be written outside the intended directory. This may enable unauthorized fil...

5.3CVSS6.5AI score0.00666EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/11/24 2:40 p.m.5 views

CVE-2025-12972 CVE-2025-12972

Fluent Bit outfile plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause...

5.3CVSS6.4AI score0.00666EPSS
Exploits0References4
Rows per page
Query Builder