Skip to main content

Graylog CVE-2026-1436

MEDIUM
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-02-18 cve-coordination@incibe.es
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Feb 18, 2026 - 14:16 nvd
MEDIUM 6.5

DescriptionCVE.org

Improper Access Control (IDOR) in the Graylog API, version 2.2.3, which occurs when modifying the user ID in the URL. An authenticated user can access other user's profiles without proper authorization checks. Exploiting this vulnerability allows valid users of the system to be listed and sensitive third-party information to be accessed, such as names, email addresses, internal identifiers, and last activity. The endpoint 'http://<IP>:12900/users/<my_user>' does not implement object-level authorization validations.

AnalysisAI

Graylog 2.2.3 contains an insecure direct object reference (IDOR) vulnerability in its user API endpoint that allows authenticated users to enumerate and access other users' profiles by manipulating user IDs in requests. An attacker with valid credentials can extract sensitive information including usernames, email addresses, internal identifiers, and last activity timestamps from arbitrary user accounts. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment CVSS 6.5 (MEDIUM). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker (requires authentication) could exploit this vulnerability to compromise the affected system.
Remediation Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-1436 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy