Skip to main content

Logstash

15 CVEs product

Monthly

CVE-2026-33466 HIGH This Week

Remote code execution in Elastic Logstash versions 8.0.0 through 8.19.13 allows unauthenticated network attackers to write arbitrary files and execute code via malicious compressed archives. The vulnerability exploits improper path validation in archive extraction utilities, enabling attackers who compromise or control update endpoints to deliver path traversal payloads. When automatic pipeline reloading is enabled, arbitrary file writes escalate to full RCE with Logstash process privileges. CVSS 8.1 (High) with network vector but high attack complexity. EPSS data and KEV status not provided; no public exploit confirmed at time of analysis, though the technical details disclosed increase weaponization risk for environments with exposed update mechanisms.

Path Traversal RCE Logstash
NVD VulDB
CVSS 3.1
8.1
EPSS
0.3%
CVE-2023-46672 MEDIUM This Month

An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Elastic Information Disclosure Logstash
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-22138 LOW Monitor

In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Logstash
NVD
CVSS 3.1
3.7
EPSS
0.5%
CVE-2020-2143 Maven MEDIUM PATCH This Month

Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Logstash
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2019-7620 HIGH This Week

Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Logstash
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2019-7612 CRITICAL Act Now

A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Logstash Active Iq Performance Analytics Services
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2018-3817 MEDIUM This Month

When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Logstash
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2017-14730 HIGH This Week

The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Logstash
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2015-5619 MEDIUM This Month

Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Logstash
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2015-5378 HIGH This Week

Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Logstash
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-10363 HIGH This Week

Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Logstash
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-1000222 HIGH This Week

Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Logstash
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-1000221 Ruby HIGH PATCH This Week

Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Elastic Information Disclosure Logstash
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2015-4152 MEDIUM This Month

Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Elastic Logstash
NVD
CVSS 2.0
6.4
EPSS
0.6%
CVE-2014-4326 Ruby HIGH PATCH This Week

Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Elastic Zabbix Logstash
NVD
CVSS 2.0
7.5
EPSS
0.9%
EPSS 0% CVSS 8.1
HIGH This Week

Remote code execution in Elastic Logstash versions 8.0.0 through 8.19.13 allows unauthenticated network attackers to write arbitrary files and execute code via malicious compressed archives. The vulnerability exploits improper path validation in archive extraction utilities, enabling attackers who compromise or control update endpoints to deliver path traversal payloads. When automatic pipeline reloading is enabled, arbitrary file writes escalate to full RCE with Logstash process privileges. CVSS 8.1 (High) with network vector but high attack complexity. EPSS data and KEV status not provided; no public exploit confirmed at time of analysis, though the technical details disclosed increase weaponization risk for environments with exposed update mechanisms.

Path Traversal RCE Logstash
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Elastic Information Disclosure Logstash
NVD
EPSS 0% CVSS 3.7
LOW Monitor

In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Logstash
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Logstash
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Logstash
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Logstash Active Iq Performance Analytics Services
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Logstash
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Logstash
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM This Month

Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Logstash
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Logstash
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Logstash
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Logstash
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Elastic Information Disclosure Logstash
NVD
EPSS 1% CVSS 6.4
MEDIUM This Month

Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Elastic Logstash
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Elastic Zabbix +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy