Product
graylog
22 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-1441
CVE-2026-1440
CVE-2026-1439
CVE-2026-1438
CVE-2026-1437
CVE-2026-1436
CVE-2026-1435
CVE-2025-53106
CVE-2025-46827
CVE-2025-30373
CVE-2024-52506
CVE-2024-24824
CVE-2024-24823
CVE-2023-41045
CVE-2023-41044
CVE-2023-41041
CVE-2021-37760
CVE-2021-37759
CVE-2020-15813
CVE-2018-14380
CVE-2018-11651
CVE-2018-11650
all versions
Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper
all versions
Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper
all versions
Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper
all versions
Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper
all versions
Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper
all versions
Improper Access Control (IDOR) in the Graylog API, version 2.2.3, which occurs when modifying the user ID in the URL. An authentic
all versions
Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session inv
>= 6.2.0 and < 6.2.4
Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Gray
< 6.0.14
Graylog is a free and open log management platform. Prior to versions 6.0.14, 6.1.10, and 6.2.0, it is possible to obtain user ses
>= 6.1.0 and < 6.1.9
Graylog is a free and open log management platform. Starting with 6.1, HTTP Inputs can be configured to check if a specified heade
>= 6.1.0 and < 6.1.2
Graylog is a free and open log management platform. The reporting functionality in Graylog allows the creation and scheduling of r
>= 2.0.0 and < 5.1.11
Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary cl
>= 4.3.0 and < 5.1.11
Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthentica
< 5.0.9
Graylog is a free and open log management platform. Graylog makes use of only one single source port for DNS queries. Graylog bind
>= 5.1.0 and < 5.1.3
Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle fe
>= 1.0.0 and < 5.0.9
Graylog is a free and open log management platform. In a multi-node Graylog cluster, after a user has explicitly logged out, a use
>= 2.1.1 and < 4.1.2
A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the lea
>= 0.20.0 and < 4.1.2
A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of th
< 3.3.3
Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in
< 2.4.6
In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/
< 2.4.4
Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.
< 2.4.4
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.