PT-2026-53004 · Fluentd+2 · Fluentd
Published
2026-06-26
·
Updated
2026-07-09
·
CVE-2026-44160
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Fluentd versions prior to 1.19.3
Description
The
in http and in forward plugins support gzip-compressed data but only enforce size limits on the compressed payloads via settings like body size limit and chunk size limit. Because no limit is enforced on the size of the decompressed data, a crafted compressed payload can expand to an excessive size in memory during decompression. This leads to memory exhaustion and a Denial of Service (DoS), which may result in the operating system terminating the process and disrupting log collection and forwarding capabilities.Recommendations
Update to version 1.19.3.
Restrict network access to Fluentd input ports, such as
9880 for in http and 24224 for in forward, ensuring they are only accessible within a closed, trusted network.
Place a reverse proxy in front of Fluentd to handle gzip decompression and enforce strict limits on both compressed and uncompressed body sizes.Exploit
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fluentd