PT-2025-47924 · Fluent Bit · In Splunk

Published 2025-09-24 · Updated 2026-03-19 · CVE-2025-12978

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Fluent Bit, in the in_http, in_splunk, and in_elasticsearch input plugins (affected versions not specified)

Description

The in_http, in_splunk, and in_elasticsearch input plugins in Fluent Bit have a flaw in how they validate the tag_key. The validation does not properly enforce exact key-length matching, so a crafted input that is only a prefix of the tag key is treated as a full match. An attacker with access to these input endpoints can manipulate tags and redirect records to unintended destinations. This can compromise the authenticity of ingested logs and allow injection of forged data, alert flooding, and routing manipulation.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
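
The comparison flaw described above, shown next to a length-checked form. This is an added illustration, not Fluent Bit source code: the function names, the configured value "tag_name" and the sample keys are all assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Flawed pattern (hypothetical): compares only as many bytes as the
 * incoming key has, so a key that is merely a prefix of the configured
 * tag key is accepted as the tag key. */
static int key_matches_prefix_only(const char *key, size_t key_len,
                                   const char *tag_key)
{
    return strncmp(key, tag_key, key_len) == 0;
}

/* Hardened pattern: lengths must be equal before any bytes are compared. */
static int key_matches_exact(const char *key, size_t key_len,
                             const char *tag_key)
{
    return key_len == strlen(tag_key) && memcmp(key, tag_key, key_len) == 0;
}

/* Constructed sample: record keys as they might arrive in a request body. */
static const char *sample_keys[] = { "tag", "t", "tag_name", "tag_name2", "msg" };

/* Counts how many sample keys a given matcher accepts as the tag key. */
static int count_accepted(int (*match)(const char *, size_t, const char *),
                          const char *tag_key)
{
    int n = 0;
    for (size_t i = 0; i < sizeof(sample_keys) / sizeof(sample_keys[0]); i++) {
        if (match(sample_keys[i], strlen(sample_keys[i]), tag_key)) {
            n++;
        }
    }
    return n;
}

int main(void)
{
    const char *tag_key = "tag_name"; /* hypothetical configured value */
    printf("prefix-only matcher accepts %d keys\n",
           count_accepted(key_matches_prefix_only, tag_key));
    printf("exact matcher accepts %d keys\n",
           count_accepted(key_matches_exact, tag_key));
    return 0;
}
```

With the prefix-only matcher, any record field whose name is a prefix of the configured key can set the tag, so routing rules keyed on the tag no longer reflect the sender's intended field.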

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-15445
BIT-FLUENT-BIT-2025-12978
CVE-2025-12978

Affected Products

Fluent-Bit
Red Os
Elasticsearch
In Http
In Splunk