PT-2026-31346 · Elastic · Logstash

Published: 2026-04-08 · Updated: 2026-04-13 · CVE-2026-33466

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Logstash (affected versions not specified)

Description: Logstash is susceptible to a flaw where improper validation of file paths within compressed archives can lead to arbitrary file write and potential remote code execution through Relative Path Traversal (CAPEC-139). The archive extraction utilities do not adequately validate file paths. An attacker who can provide a specially crafted archive to Logstash through a compromised or attacker-controlled update endpoint can write arbitrary files to the host filesystem with the privileges of the Logstash process. In configurations with automatic pipeline reloading enabled, this could escalate to remote code execution.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
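
An added example, not Logstash's code and not part of the advisory: the entry-path check whose absence the description names, applied while unpacking a tar stream in Ruby. The function names and the sample archive are constructed for illustration.

```ruby
require "rubygems/package"   # stdlib tar reader/writer
require "stringio"
require "fileutils"

# Resolve an archive entry name under root; nil if it would land outside root.
def resolve_inside(root, entry_name)
  target = File.expand_path(entry_name, root)  # collapses "..", keeps absolute names absolute
  target if target.start_with?(root + File::SEPARATOR)
end

# Extract a tar stream into dest. Returns [written_paths, rejected_names].
def safe_extract_tar(io, dest)
  root = File.realpath(dest)
  written, rejected = [], []
  Gem::Package::TarReader.new(io).each do |entry|
    name = entry.full_name
    target = resolve_inside(root, name)
    # Only regular files and directories are accepted; links and devices are refused.
    unless target && (entry.file? || entry.directory?)
      rejected << name
      next
    end
    if entry.directory?
      FileUtils.mkdir_p(target)
      next
    end
    FileUtils.mkdir_p(File.dirname(target))
    # The parent may pass through a symlink already on disk, so re-check the real path.
    parent = File.realpath(File.dirname(target))
    unless parent == root || parent.start_with?(root + File::SEPARATOR)
      rejected << name
      next
    end
    File.binwrite(target, entry.read.to_s)
    written << target
  end
  [written, rejected]
end

# Constructed sample archive: one benign entry and two relative traversal names.
def sample_tar
  io = StringIO.new(String.new)
  Gem::Package::TarWriter.new(io) do |tar|
    tar.add_file_simple("data/db.txt", 0o644, 2) { |f| f.write("ok") }
    tar.add_file_simple("../escaped.conf", 0o644, 1) { |f| f.write("x") }
    tar.add_file_simple("data/../../escaped2.conf", 0o644, 1) { |f| f.write("x") }
  end
  io.tap(&:rewind)
end
```

Logging the rejected names gives responders a record that a downloaded archive carried traversal entries.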

RCE

Path traversal

Weakness Enumeration

Related Identifiers

BIT-LOGSTASH-2026-33466
CVE-2026-33466

Affected Products

Logstash