Graylog Graylog Web Interface

7 CVEs affecting Graylog Graylog Web Interface. Latest disclosed: 2026-02-18. Critical: 1, High: 0.

Top CVEs affecting Graylog Graylog Web Interface
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-1435 | Critical | 9.8 | 2026-02-18 | Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. T… |
| CVE-2026-1436 | Medium | 6.5 | 2026-02-18 | Improper Access Control (IDOR) in the Graylog API, version 2.2.3, which occurs when modifying the user ID in the URL. An authenticated user can access other us… |
| CVE-2026-1441 | Medium | 6.1 | 2026-02-18 | Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in… |
| CVE-2026-1440 | Medium | 6.1 | 2026-02-18 | Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in… |
| CVE-2026-1439 | Medium | 6.1 | 2026-02-18 | Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in… |
| CVE-2026-1438 | Medium | 6.1 | 2026-02-18 | Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in… |
| CVE-2026-1437 | Medium | 6.1 | 2026-02-18 | Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in… |