What is the CVSS score of CVE-2026-45392?

CVE-2026-45392 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Cribl Stream are affected by CVE-2026-45392?

CVE-2026-45392 is a critical remote code execution vulnerability in Cribl Stream affecting all versions prior to 4.17.1, allowing unauthenticated network attackers to achieve complete system…. A patch is available.

How to fix or mitigate CVE-2026-45392?

Within 24 hours: Identify all Cribl Stream deployments and their current versions in your environment using asset inventory or network scanning. Within 7 days: Apply vendor-released patch to Cribl Stream version 4.17.1 across all affected instances, prioritizing internet-facing deployments. Within 30 days: Verify patch deployment completion across all instances and validate through version confirmation; implement network segmentation to restrict unauthenticated access to Cribl Stream administrative interfaces as a defense-in-depth measure.

Cribl Stream CVE-2026-45392

EUVD-2026-29357 CRITICAL

Improper Input Validation (CWE-20)

2026-05-12 Cribl

GHSA-6gcc-j9m6-4752

Information Disclosure Cribl Stream

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 15, 2026 - 12:22 vuln.today

CVSS changed

May 15, 2026 - 12:22 NVD

9.8 (CRITICAL)

Patch available

May 12, 2026 - 03:01 EUVD

CVE Published

May 12, 2026 - 01:06 nvd

UNKNOWN (no severity yet)

CVE Published

May 12, 2026 - 01:06 nvd

CRITICAL 9.8

DescriptionNVD

Reserved. Details will be published at disclosure.

AnalysisAI

Remote unauthenticated attackers can achieve complete system compromise of Cribl Stream instances prior to version 4.17.1 through improper input validation (CWE-20). The CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates trivial exploitation requiring no authentication or user interaction against network-accessible deployments. …

RemediationAI

Within 24 hours: Identify all Cribl Stream deployments and their current versions in your environment using asset inventory or network scanning. Within 7 days: Apply vendor-released patch to Cribl Stream version 4.17.1 across all affected instances, prioritizing internet-facing deployments. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-45392 vulnerability details – vuln.today

Back

Cribl Stream CVE-2026-45392

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code