Graylog2 Graylog2-server

9 CVEs affecting Graylog2 Graylog2-server. Latest disclosed: 2025-07-02. Critical: 0, High: 3.

Top CVEs affecting Graylog2 Graylog2-server
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-53106 | High | 8.8 | 2025-07-02 | Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated p… |
| CVE-2024-24824 | High | 8.8 | 2024-02-07 | Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and insta… |
| CVE-2025-46827 | High | 8.0 | 2025-05-07 | Graylog is a free and open log management platform. Prior to versions 6.0.14, 6.1.10, and 6.2.0, it is possible to obtain user session cookies by submitting an… |
| CVE-2025-30373 | Medium | 6.5 | 2025-04-07 | Graylog is a free and open log management platform. Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specif… |
| CVE-2024-52506 | Medium | 6.5 | 2024-11-18 | Graylog is a free and open log management platform. The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboar… |
| CVE-2024-24823 | Medium | 5.7 | 2024-02-07 | Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session… |
| CVE-2023-41045 | Low | 3.7 | 2023-08-31 | Graylog is a free and open log management platform. Graylog makes use of only one single source port for DNS queries. Graylog binds a single socket for outgoin… |
| CVE-2023-41044 | Low | 3.3 | 2023-08-31 | Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's `Support Bundle` feature. The vulnerability is c… |
| CVE-2023-41041 | Low | 2.6 | 2023-08-30 | Graylog is a free and open log management platform. In a multi-node Graylog cluster, after a user has explicitly logged out, a user session may still be used f… |