Skip to main content

Cribl Edge EUVDEUVD-2026-29358

| CVE-2026-45393 HIGH
Improper Input Validation (CWE-20)
2026-05-12 Cribl GHSA-2hpj-h2fj-2jg5
8.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.5 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

10
Analysis Updated
Jun 02, 2026 - 17:29 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 02, 2026 - 17:29 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 02, 2026 - 17:22 vuln.today
cvss_changed
Severity Changed
Jun 02, 2026 - 17:22 NVD
CRITICAL HIGH
CVSS changed
Jun 02, 2026 - 17:22 NVD
9.8 (CRITICAL) 8.5 (HIGH)
Analysis Generated
May 15, 2026 - 12:22 vuln.today
CVSS changed
May 15, 2026 - 12:22 NVD
9.8 (CRITICAL)
Patch available
May 12, 2026 - 03:01 EUVD
CVE Published
May 12, 2026 - 01:06 nvd
UNKNOWN (no severity yet)
CVE Published
May 12, 2026 - 01:06 nvd
CRITICAL 9.8

DescriptionCVE.org

Reserved. Details will be published at disclosure.

AnalysisAI

Local privilege-bound input validation flaw in Cribl Edge versions prior to 4.17.1 allows an authenticated low-privileged local user to achieve high impact on confidentiality, integrity, and availability of the affected node. The issue is tracked as CWE-20 (Improper Input Validation) and was reported by Cribl itself with a vendor patch already available; no public exploit identified at time of analysis and EPSS is very low at 0.02%.

Technical ContextAI

Cribl Edge is a distributed data collection and processing agent deployed on endpoints and servers to forward observability data (logs, metrics, traces) to Cribl Stream and downstream destinations. The root cause is classified as CWE-20 (Improper Input Validation), meaning the affected component accepts input that is not properly sanitized or constrained before it influences a security-relevant operation. The CPE cpe:2.3:a:cribl:cribl_edge:*:*:*:*:*:*:*:* combined with the EUVD range 'Cribl Edge 0 <4.17.1' indicates all versions from initial release up to but not including 4.17.1 are vulnerable. Because the CVSS 4.0 vector is AV:L/PR:L, the input that triggers the flaw is supplied through a local interface (such as a local CLI, configuration file, IPC, or local management endpoint) that requires an already-authenticated low-privileged account on the host where the Edge agent runs.

RemediationAI

Vendor-released patch: upgrade Cribl Edge to version 4.17.1 or later as documented in the v4.17.1 security fixes release notes at https://docs.cribl.io/edge/release-notes/release-v4171#security-fixes, and monitor https://trust.cribl.io/notifications for any follow-up advisories. Because exploitation requires local access with at least low privileges, interim compensating controls until patching include restricting interactive and remote-shell access on hosts running Cribl Edge to a minimal set of trusted administrators, tightening filesystem permissions on Cribl Edge configuration directories and Unix sockets / local API endpoints so non-admin users cannot interact with them, and auditing any local management commands or scripts exposed to lower-privileged service accounts (trade-off: may break automation that runs under non-admin service accounts and increases operational friction for legitimate troubleshooting). Avoid running Cribl Edge on multi-tenant hosts shared with untrusted users until the upgrade is applied.

Share

EUVD-2026-29358 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy