CVE-2026-1435

Name of the Vulnerable Software and Affected Versions Graylog versions prior to 2.2.3

Description The Graylog Web Interface has a flaw related to session handling. Specifically, session identifiers are not properly invalidated after a user logs in, leading to the generation of new session IDs while old ones remain valid. This allows a compromised or leaked session ID to be reused for unauthorized access to the application and its API, potentially compromising account integrity. An attacker with network access to the web service/API network (port 9000 or HTTP/S endpoint of the server) could exploit this issue.

Recommendations Update to a version of Graylog Web Interface later than 2.2.3.