PT-2026-53002 · Fluentd · Fluentd

Published: 2026-06-26 · Updated: 2026-06-30 · CVE-2026-44024

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Fluentd versions prior to 1.19.3

Description

Fluentd does not sufficiently validate the ${tag} placeholder, so file paths that are constructed dynamically from it can be manipulated. If an instance is configured to receive logs from untrusted sources and uses this placeholder in file configurations, such as the path parameter in the out_file plugin, an attacker can inject path traversal characters. This enables the writing of arbitrary files or the overwriting of existing system files with attacker-controlled content, bypassing directory restrictions. This arbitrary file write can be escalated to Remote Code Execution (RCE) by overwriting critical system files, injecting executable plugins, or modifying configuration files, potentially leading to full system compromise without authentication.

Recommendations

Update to version 1.19.3. Restrict network access to Fluentd input ports, such as in_forward on port 24224, using firewall rules to block untrusted networks. Run Fluentd as a non-root user to prevent writing to sensitive system directories. Avoid using the ${tag} placeholder in the path parameter of output plugins when tags originate from untrusted sources. Validate and filter incoming tags at the input layer to drop any tags containing . or / characters.
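The following Ruby audit is an added example, not part of the advisory and not Fluentd's own code. It finds file outputs whose path is built from ${tag}, and checks whether a given tag keeps the resulting path inside the intended directory. The sample configuration, the directory /var/log/fluent and both function names are constructed for illustration.

```ruby
# Added example (not Fluentd code): audit a Fluentd config for file outputs
# whose path is derived from ${tag}, the pattern this advisory warns about.

# Constructed sample configuration, not taken from the advisory.
SAMPLE_CONF = <<~'CONF'
  <source>
    @type forward
    port 24224
  </source>
  <match app.**>
    @type file
    path /var/log/fluent/${tag}/app
    <buffer tag>
    </buffer>
  </match>
  <match audit.**>
    @type file
    path /var/log/fluent/audit
  </match>
CONF

# Return [match_pattern, path] for every <match> section of @type file
# whose path parameter contains the ${tag} placeholder.
def risky_file_outputs(conf)
  findings = []
  conf.scan(%r{<match\s+([^>]+)>(.*?)</match>}m) do |pattern, body|
    type = body[/^\s*@type\s+(\S+)/, 1]
    path = body[/^\s*path\s+(\S+)/, 1]
    findings << [pattern.strip, path] if type == "file" && path&.include?("${tag}")
  end
  findings
end

# True when the path produced by substituting the tag stays under base_dir.
# File.expand_path normalizes "." and ".." segments without touching disk.
def tag_stays_under?(base_dir, path_template, tag)
  base = File.expand_path(base_dir)
  resolved = File.expand_path(path_template.gsub("${tag}", tag))
  resolved.start_with?(base + File::SEPARATOR)
end

if __FILE__ == $PROGRAM_NAME
  risky_file_outputs(SAMPLE_CONF).each do |pattern, path|
    puts "match #{pattern}: path #{path} is derived from the record tag"
  end
end
```

Any section this reports should either stop using ${tag} in path or sit behind an input that only accepts tags from trusted senders.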

Fix

Path traversal

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2026-44024
GHSA-44HJ-4M45-FRJ3

Affected Products

Fluentd