Skip to main content

Cribl Stream CVE-2026-45392

| EUVDEUVD-2026-29357 HIGH
Improper Input Validation (CWE-20)
2026-05-12 Cribl GHSA-6gcc-j9m6-4752
8.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
A
Scope
X

Lifecycle Timeline

10
Analysis Updated
Jun 02, 2026 - 17:30 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 02, 2026 - 17:30 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 02, 2026 - 17:22 vuln.today
cvss_changed
Severity Changed
Jun 02, 2026 - 17:22 NVD
CRITICAL HIGH
CVSS changed
Jun 02, 2026 - 17:22 NVD
9.8 (CRITICAL) 8.4 (HIGH)
Analysis Generated
May 15, 2026 - 12:22 vuln.today
CVSS changed
May 15, 2026 - 12:22 NVD
9.8 (CRITICAL)
Patch available
May 12, 2026 - 03:01 EUVD
CVE Published
May 12, 2026 - 01:06 nvd
UNKNOWN (no severity yet)
CVE Published
May 12, 2026 - 01:06 nvd
CRITICAL 9.8

DescriptionCVE.org

Reserved. Details will be published at disclosure.

AnalysisAI

Information disclosure in Cribl Stream versions prior to 4.17.1 allows authenticated remote attackers with low privileges to obtain sensitive data when a user interacts with attacker-supplied content, per CVSS 4.0 vector AV:N/AC:L/PR:L/UI:A. The flaw, classified as CWE-20 (Improper Input Validation), carries a CVSS base score of 8.4 reflecting high confidentiality and integrity impact, but EPSS is only 0.02% (5th percentile) and CISA SSVC reports no observed exploitation. No public exploit identified at time of analysis.

Technical ContextAI

Cribl Stream is an observability data pipeline used to collect, route, and transform logs, metrics, and events between sources and analytics destinations such as SIEMs and data lakes. The CPE cpe:2.3:a:cribl:cribl_stream identifies the affected product line, and the CWE-20 (Improper Input Validation) classification indicates the root cause is the application accepting or processing input without sufficient validation, allowing a low-privileged authenticated user - combined with a victim interaction - to coerce the application into disclosing or altering data it should not. Because Stream typically processes high-sensitivity telemetry (security logs, API tokens routed in pipelines, customer event data), an input-validation flaw in this control plane has outsized confidentiality consequences relative to a generic web app.

RemediationAI

Upgrade Cribl Stream to version 4.17.1 or later, which Cribl identifies in the v4.17.1 release notes (https://docs.cribl.io/stream/release-notes/release-v4171#security-fixes) as containing the security fix; this is the primary and vendor-recommended remediation. Until upgrade is completed, restrict Cribl Stream UI and API access to a trusted management network and tighten role assignments so that the PR:L precondition cannot be met by general users - review any non-admin accounts and remove unnecessary low-privileged access, accepting the trade-off that downstream pipeline operators may lose self-service capability. Because exploitation requires UI:A (user interaction), brief Stream administrators and editors to avoid interacting with unsolicited content or links presented inside the Stream console until patched, and monitor Cribl's trust notification page at https://trust.cribl.io/notifications for any post-disclosure indicators of compromise.

Share

CVE-2026-45392 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy