
Graylog Web Interface vulnerabilities

7 known vulnerabilities affecting graylog/graylog_web_interface.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 6

Vulnerabilities

CVE-2026-1435 | Priority: P2 | Severity: CRITICAL | CVSS 9.8 | Affected version: 2.2.3 | Date: 2026-02-18
CWE-613: Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers, which remain valid even after multiple consecutive log
Source: nvd
CVE-2026-1436 | Priority: P3 | Severity: MEDIUM | CVSS 6.5 | Affected version: 2.2.3 | Date: 2026-02-18
CWE-639: Improper Access Control (IDOR) in the Graylog API, version 2.2.3, which occurs when modifying the user ID in the URL. An authenticated user can access other users' profiles without proper authorization checks. Exploiting this vulnerability allows valid users of the system to be listed and sensitive third-party information to be accessed, such as names
Source: nvd
CVE-2026-1437 | Priority: P4 | Severity: MEDIUM | CVSS 6.1 | Affected version: 2.2.3 | Date: 2026-02-18
CWE-79: Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a
Source: nvd
CVE-2026-1440 | Priority: P4 | Severity: MEDIUM | CVSS 6.1 | Affected version: 2.2.3 | Date: 2026-02-18
CWE-79: Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a
Source: nvd
CVE-2026-1441 | Priority: P4 | Severity: MEDIUM | CVSS 6.1 | Affected version: 2.2.3 | Date: 2026-02-18
CWE-79: Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a
Source: nvd
CVE-2026-1438 | Priority: P4 | Severity: MEDIUM | CVSS 6.1 | Affected version: 2.2.3 | Date: 2026-02-18
CWE-79: Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a
Source: nvd
CVE-2026-1439 | Priority: P4 | Severity: MEDIUM | CVSS 6.1 | Affected version: 2.2.3 | Date: 2026-02-18
CWE-79: Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a
Source: nvd