Is Graylog affected by CVE-2026-1440?

CVE-2026-1440 presents moderate security risk, a cross-site scripting vulnerability rated CVSS 6.1. Attackers could inject scripts to steal sessions or perform actions as authenticated users. Organizations should apply vendor updates when available and monitor for exploitation.

CVE-2026-1440

MEDIUM

2026-02-18 [email protected]

6.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Feb 18, 2026 - 14:16 nvd

MEDIUM 6.1

Description

Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the '/system/pipelines/' endpoint.

Analysis

Reflected XSS in Graylog Web Interface version 2.2.3 fails to properly sanitize user-supplied input in the /system/pipelines/ endpoint, enabling attackers to inject malicious JavaScript through specially crafted URLs. An attacker can execute arbitrary scripts in a victim's browser and potentially hijack user sessions when the victim visits a malicious link. …

Remediation

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Verify Content-Security-Policy and output encoding.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +30

POC: 0

CVE-2026-1440 vulnerability details – vuln.today

Back

CVE-2026-1440

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-1440

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code