Fluentd CVE-2026-44025
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Network-reachable and unauthenticated (AV:N/PR:N), but AC:H because exposure depends on a non-default reachable port and on plugins storing secrets in instance variables; high confidentiality loss only, no integrity or availability impact.
Primary rating from Vendor (https://github.com/fluent/fluentd).
CVSS VectorVendor: https://github.com/fluent/fluentd
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Fluentd's Monitor Agent plugin (in_monitor_agent) exposes internal metrics and plugin information via a REST API. It was discovered that the API response (/api/plugins.json and related endpoints) unintentionally includes internal instance variables of loaded plugins.
If any plugins store sensitive information-such as database passwords, API keys, or cloud credentials-in its instance variables, this information may be exposed in plain text to any user or system that has HTTP access to the Monitor Agent API.
Impact
This vulnerability allows for unauthorized information disclosure. An attacker who can reach the Monitor Agent API port (default: 24220) can potentially extract sensitive credentials used by other Fluentd plugins. The impact severity depends highly on the network configuration (whether the Monitor Agent port is exposed to untrusted networks) and the specific plugins configured in the Fluentd instance.
Patches:
v1.19.3
Workarounds
If usesrs cannot immediately update Fluentd to the patched version, they can mitigate this risk by strictly controlling access to the Monitor Agent port.
Ensure the Monitor Agent is only bound to localhost (127.0.0.1) rather than 0.0.0.0.
<source>
@type monitor_agent
bind 127.0.0.1
port 24220
</source>Use firewall rules (e.g., iptables, AWS Security Groups) to block access to the Monitor Agent port (24220) from untrusted networks or instances.
AnalysisAI
Sensitive information disclosure in Fluentd's Monitor Agent plugin (in_monitor_agent) at versions <= 1.19.2 allows anyone with HTTP access to the metrics API (default TCP port 24220) to read internal instance variables of loaded plugins via /api/plugins.json and related endpoints. Because plugins frequently hold database passwords, API keys, and cloud credentials in instance variables, those secrets can be returned in plain text to unauthenticated callers. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires two concrete conditions drawn from the advisory: (1) network reachability to the in_monitor_agent HTTP API on its default port 24220 - if the agent is bound only to 127.0.0.1 or the port is firewalled, remote exploitation is not possible; and (2) at least one loaded Fluentd plugin must store sensitive values (DB passwords, API keys, cloud credentials) in its Ruby instance variables, since the leak only exposes whatever those variables contain. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The published CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (7.5, High) treats this as trivially exploitable network-reachable credential disclosure, which is accurate when the agent is bound to a routable interface. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach a Fluentd host's Monitor Agent on TCP 24220 (for example, because it was bound to 0.0.0.0 and is reachable from an adjacent subnet or the internet) simply issues an HTTP GET to /api/plugins.json. The response includes the internal instance variables of loaded output plugins, from which the attacker harvests plaintext database passwords or cloud API keys and then reuses them to pivot into the backing datastores or cloud accounts. … |
| Remediation | Vendor-released patch: upgrade Fluentd to 1.19.3 or later (https://github.com/fluent/fluentd/releases/tag/v1.19.3), which changes the default visibility of config, retry, and debug information returned by in_monitor_agent (PR #5392). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all Fluentd instances running v1.19.2 or earlier and determine which are accessible on port 24220 (Monitor Agent default). …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-pr7j-96cj-549h