Fluentbit Fluent Bit
5 CVEs affecting Fluentbit Fluent Bit. Latest disclosed: 2025-11-24. Critical: 1, High: 1.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-12977 | Critical | 9.1 | 2025-11-24 | Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write reco… |
| CVE-2025-12970 | High | 8.8 | 2025-11-24 | The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who… |
| CVE-2025-12969 | Medium | 6.5 | 2025-11-24 | Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows re… |
| CVE-2025-12978 | Medium | 5.4 | 2025-11-24 | Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matchin… |
| CVE-2025-12972 | Medium | 5.3 | 2025-11-24 | Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted ta… |