CVE-2026-1440

Name of the Vulnerable Software and Affected Versions Graylog versions 2.2.3

Description A Reflected Cross-Site Scripting (XSS) issue exists in the Graylog Web Interface console. This is due to insufficient sanitization and escaping of HTML output. The application includes parts of the URL directly in responses without proper output encoding, which allows an attacker to inject and run arbitrary JavaScript code when a user clicks a specially designed URL. Exploitation could lead to script execution within the user's browser and potential manipulation of the user's session. The vulnerable API endpoint is /system/pipelines/.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, avoid clicking on untrusted URLs related to the Graylog Web Interface.