Skip to main content

LogonTracer EUVDEUVD-2026-25742

| CVE-2026-33566 MEDIUM
Improper Neutralization of Special Elements in Data Query Logic (CWE-943)
2026-04-27 jpcert
5.1
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

5
Analysis Generated
Apr 27, 2026 - 00:29 vuln.today
CVSS changed
Apr 27, 2026 - 00:22 NVD
4.3 (MEDIUM) 5.1 (MEDIUM)
EUVD ID Assigned
Apr 27, 2026 - 00:15 euvd
EUVD-2026-25742
Analysis Generated
Apr 27, 2026 - 00:15 vuln.today
CVE Published
Apr 27, 2026 - 00:04 nvd
MEDIUM 5.1

DescriptionCVE.org

There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered.

AnalysisAI

Cypher injection in LogonTracer prior to v2.0.0 allows remote attackers to alter database contents by submitting specially crafted Windows event log data. The vulnerability requires user interaction to load the malicious log data but results in integrity compromise of the underlying database due to improper input sanitization in Cypher query construction.

Technical ContextAI

LogonTracer is a Windows event log analysis tool that parses security event logs and stores data in a graph database (likely Neo4j based on Cypher injection classification). The vulnerability exists in the event log import mechanism where user-supplied data from Windows event logs is incorporated into Cypher queries without proper escaping or parameterized query construction. CWE-943 (Improper Neutralization of Special Elements in Data Query Logic) identifies the root cause: unsanitized event log field values are concatenated directly into Cypher query syntax, allowing attackers to inject arbitrary Cypher commands. CPE indicates this affects all versions of LogonTracer prior to 2.0.0.

RemediationAI

Upgrade LogonTracer to version 2.0.0 or later, which addresses the cypher injection vulnerability. For organizations unable to immediately upgrade, restrict access to the LogonTracer import function to trusted administrators only and implement file integrity monitoring on event log sources to detect unauthorized modifications before import. Validate and sanitize all imported event log data by pre-processing logs through a separate tool that strips or escapes special characters used in Cypher syntax (e.g., quotes, brackets, colons) before loading into LogonTracer. Detailed remediation guidance is available from the JPCERT/CC advisory at https://www.jpcert.or.jp/press/2026/PR20260423.html and the Japan Vulnerability Notes (JVN) entry at https://jvn.jp/en/jp/JVN57877356/.

Share

EUVD-2026-25742 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy