A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGraylog
APPGraylog0.20.0 – 4.1.2 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
Related vulnerabilities
CVE-2026-1435CRITICAL9.3PL ✓ten sam produkt
Graylog: brak unieważniania sesji po ponownym logowaniu (CWE-613)
CVE-2021-37760CRITICAL9.8ten sam produkt
A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the acc...
CVE-2026-1436HIGH7.1ten sam produkt
Improper Access Control (IDOR) in the Graylog API, version 2.2.3, which occurs when modifying the user ID in t...
CVE-2025-53106HIGH8.8ten sam produkt
Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to bef...
CVE-2025-46827HIGH8.0ten sam produkt
Graylog is a free and open log management platform. Prior to versions 6.0.14, 6.1.10, and 6.2.0, it is possibl...