Graylog Graylog Web Interface
7 CVEs affecting Graylog Graylog Web Interface. Latest disclosed: 2026-02-18. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-1435 | Critical | 9.8 | 2026-02-18 | Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. T… |
| CVE-2026-1436 | Medium | 6.5 | 2026-02-18 | Improper Access Control (IDOR) in the Graylog API, version 2.2.3, which occurs when modifying the user ID in the URL. An authenticated user can access other us… |
| CVE-2026-1441 | Medium | 6.1 | 2026-02-18 | Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in… |
| CVE-2026-1440 | Medium | 6.1 | 2026-02-18 | Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in… |
| CVE-2026-1439 | Medium | 6.1 | 2026-02-18 | Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in… |
| CVE-2026-1438 | Medium | 6.1 | 2026-02-18 | Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in… |
| CVE-2026-1437 | Medium | 6.1 | 2026-02-18 | Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in… |