Fluentbit Fluent Bit

5 CVEs affecting Fluentbit Fluent Bit. Latest disclosed: 2025-11-24. Critical: 1, High: 1.

Top CVEs affecting Fluentbit Fluent Bit
CVESeverityScorePublishedSummary
CVE-2025-12977Critical9.12025-11-24Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write reco…
CVE-2025-12970High8.82025-11-24The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who…
CVE-2025-12969Medium6.52025-11-24Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows re…
CVE-2025-12978Medium5.42025-11-24Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matchin…
CVE-2025-12972Medium5.32025-11-24Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted ta…