PT-2026-53002 · Fluentd · Fluentd
Published
2026-06-26
·
Updated
2026-06-30
·
CVE-2026-44024
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Fluentd versions prior to 1.19.3
Description
Insufficient validation of the
${tag} placeholder allows for the dynamic construction of file paths that can be manipulated. If an instance is configured to receive logs from untrusted sources and uses this placeholder in file configurations, such as the path parameter in the out file plugin, an attacker can inject path traversal characters. This enables the writing of arbitrary files or the overwriting of existing system files with attacker-controlled content, bypassing directory restrictions. This arbitrary file write can be escalated to Remote Code Execution (RCE) by overwriting critical system files, injecting executable plugins, or modifying configuration files, potentially leading to full system compromise without authentication.Recommendations
Update to version 1.19.3.
Restrict network access to Fluentd input ports, such as
in forward on port 24224, using firewall rules to block untrusted networks.
Run Fluentd as a non-root user to prevent writing to sensitive system directories.
Avoid using the ${tag} placeholder in the path parameter of output plugins when tags originate from untrusted sources.
Validate and filter incoming tags at the input layer to drop any tags containing . or / characters.Fix
Path traversal
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Fluentd