All 7 CVE vulnerabilities found in fluentd, with AI-generated Chinese analysis, references, and POCs.
Vendor: Cloud Native Computing Foundation (CNCF)
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-44161 | Fluentd: Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http` CWE-918 | 7.2 | High | 2026-07-08 |
| CVE-2026-44160 | Fluentd: Denial of Service (DoS) via Gzip Decompression Bomb in `in_http` and `in_forward` CWE-409 | 7.5 | High | 2026-07-08 |
| CVE-2026-44025 | Fluentd: Exposure of Sensitive Information via Monitor Agent API CWE-306 | 7.5 | High | 2026-07-08 |
| CVE-2026-44024 | Fluentd: Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder CWE-22 | 9.8 | Critical | 2026-07-08 |
| CVE-2022-39379 | Fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration) CWE-502 | 3.1 | Low | 2022-11-02 |
| CVE-2021-41186 | ReDoS vulnerability in parser_apache2 CWE-400 | 5.9 | Medium | 2021-10-29 |
| CVE-2017-10906 | Fluentd 安全漏洞 | 9.8 | - | 2017-12-08 |
All 7 known CVE vulnerabilities affecting fluentd with full Chinese analysis, references, and POCs where available.