Description

A command injection vulnerability in Cribl Edge for Linux versions 3.2.0 through 4.17.0 allows a local unprivileged user to execute arbitrary commands in the context of the Cribl Edge service account.

PUBLISHED Reserved 2026-05-12 | Published 2026-05-12 | Updated 2026-06-02 | Assigner Cribl




HIGH: 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
HIGH: 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status: unaffected

3.2.0 (semver) before 4.17.1: affected

4.17.1 (semver): unaffected

Credits

Zach Rayburn, Cribl Product Security (finder)

References

docs.cribl.io/edge/release-notes/release-v4171 (Cribl Edge 4.17.1 Security Fixes) release-notes

trust.cribl.io/notifications (Cribl Trust Portal) vendor-advisory

cve.org (CVE-2026-45391)

nvd.nist.gov (CVE-2026-45391)
