Skip to main content

Cribl Edge CVE-2026-45391

| EUVDEUVD-2026-29355 HIGH
Improper Input Validation (CWE-20)
2026-05-12 Cribl GHSA-v5fp-5xmq-m2x6
8.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.5 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

10
Analysis Updated
Jun 02, 2026 - 17:31 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 02, 2026 - 17:31 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 02, 2026 - 17:22 vuln.today
cvss_changed
Severity Changed
Jun 02, 2026 - 17:22 NVD
CRITICAL HIGH
CVSS changed
Jun 02, 2026 - 17:22 NVD
9.8 (CRITICAL) 8.5 (HIGH)
Analysis Generated
May 15, 2026 - 12:22 vuln.today
CVSS changed
May 15, 2026 - 12:22 NVD
9.8 (CRITICAL)
Patch available
May 12, 2026 - 03:01 EUVD
CVE Published
May 12, 2026 - 01:06 nvd
UNKNOWN (no severity yet)
CVE Published
May 12, 2026 - 01:06 nvd
CRITICAL 9.8

DescriptionCVE.org

Reserved. Details will be published at disclosure.

AnalysisAI

Local privilege-context input validation flaw in Cribl Edge versions prior to 4.17.1 allows an authenticated local user with low privileges to compromise confidentiality, integrity, and availability of the Edge node. Tagged as an information disclosure issue by the vendor, the vulnerability scores CVSS 4.0 8.5 (high) but carries a very low EPSS of 0.02%, and no public exploit identified at time of analysis. A vendor patch is available and the issue is tracked as EUVD-2026-29355.

Technical ContextAI

Cribl Edge is a lightweight data collection and observability agent deployed on endpoints and servers to forward logs, metrics, and events to downstream pipelines. The root cause is classified as CWE-20 (Improper Input Validation), meaning the Edge agent fails to properly validate input it receives - likely from a local interface, configuration channel, or IPC path given the AV:L vector - before acting on it. Because the affected CPE is cpe:2.3:a:cribl:cribl_edge:*:*:*:*:*:*:*:*, every prior 4.x build of the Edge component (not the broader Cribl Stream or Cloud control plane) inherits the defect until upgraded to 4.17.1.

RemediationAI

Vendor-released patch: upgrade Cribl Edge to version 4.17.1 or later, as documented in the v4.17.1 security fixes release notes at https://docs.cribl.io/edge/release-notes/release-v4171#security-fixes and announced via the Cribl trust portal at https://trust.cribl.io/notifications. Because exploitation requires local access with low privileges (AV:L/PR:L), interim compensating controls until patching is complete include restricting interactive and remote shell access to hosts running Edge (limits the local attacker pool), tightening file-system and IPC permissions on Edge's working directories and sockets so only the Edge service account can write to them, and auditing which low-privileged service accounts are co-resident on Edge hosts; the trade-off is operational friction for legitimate admins and observability tooling that may share the host.

Share

CVE-2026-45391 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy